#9140: bug in django.http.multipartparser.MultiPartParser after
HttpResponseRedirect of a form post with files
---------------------------+------------------------------------------------
Reporter: nbstrite | Owner: nobody
Status: new | Milestone:
Component: HTTP handling | Version: 1.0
Keywords: | Stage: Unreviewed
Has_patch: 1 |
---------------------------+------------------------------------------------
There is a bug in django.http.multipartparser.MultiPartParser whereby if
you redirect after a multipart/form-data post. This bug is avoidable if
request.POST is not accessed outside of a "if request.method == 'POST':"
conditional, but I feel that it is a bug nonetheless.
====== View that will recreate bug =======
from django.http import HttpResponseRedirect, HttpResponse

def test(request):
    # this is obviously not a best practice, we should nest this
    # under a "if request.method == 'POST':" conditional. But some middleware
    # out of our control might access request.POST in an unsafe fashion
    request.POST.keys()
    if request.method == 'POST':
        return HttpResponseRedirect('/')
    return HttpResponse("<form enctype='multipart/form-data' action='/' "
                        "method='post'><input type='submit' /></form>")
===================
The solutions are to either:
a) expect that nothing will ever attempt to access request.POST or
request.FILES outside of a request.method == 'POST' conditional
b) Accept 0 length CONTENT_LENGTH submissions as perfectly valid
(attached patch)
--
Ticket URL: <http://code.djangoproject.com/ticket/9140>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
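An added example, not part of the ticket or Django's code: a stand-alone, standard-library model of option (b), where a multipart request with a CONTENT_LENGTH of 0 yields no fields instead of an error. It assumes the strict behaviour is to reject a zero length; `parse_multipart`, `MultiPartError`, `make_environ` and the sample body are hypothetical names and constructed data.

```python
import io
from email import message_from_bytes
from email.policy import HTTP

class MultiPartError(Exception):
    """Hypothetical error type for this model."""

def parse_multipart(environ, accept_empty=True):
    """Return {field name: bytes} for a multipart/form-data WSGI request.

    accept_empty=False models the assumed strict parser; True is option (b).
    """
    ctype = environ.get("CONTENT_TYPE", "")
    if not ctype.startswith("multipart/form-data"):
        return {}
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        raise MultiPartError("non-numeric CONTENT_LENGTH")
    if length < 0:
        raise MultiPartError("negative CONTENT_LENGTH")
    if length == 0:
        if accept_empty:
            return {}  # no body was sent, so there are no fields
        raise MultiPartError("zero CONTENT_LENGTH")
    body = environ["wsgi.input"].read(length)
    # Prepend the Content-Type header so the stdlib MIME parser sees the boundary.
    raw = b"Content-Type: " + ctype.encode("latin-1") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=HTTP)
    if not msg.is_multipart():
        raise MultiPartError("body does not match the declared boundary")
    fields = {}
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            fields[name] = part.get_payload(decode=True)
    return fields

# Constructed sample request body, not captured traffic.
SAMPLE_TYPE = "multipart/form-data; boundary=XBOUND"
SAMPLE_BODY = (b'--XBOUND\r\nContent-Disposition: form-data; name="title"'
               b"\r\n\r\nhello\r\n--XBOUND--\r\n")

def make_environ(body):
    return {"CONTENT_TYPE": SAMPLE_TYPE, "CONTENT_LENGTH": str(len(body)),
            "wsgi.input": io.BytesIO(body)}

if __name__ == "__main__":
    print(parse_multipart(make_environ(SAMPLE_BODY)))
    print(parse_multipart(make_environ(b"")))
```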