Re: [Django] #19081: Non-ASCII query string aren't decoded properly

[Django]

#19081: Non-ASCII query string aren't decoded properly
---------------------------------+-------------------------------------
     Reporter:  aaugustin        |                    Owner:  aaugustin
         Type:  Bug              |                   Status:  new
    Component:  HTTP handling    |                  Version:  master
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  1                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+-------------------------------------
Changes (by aaugustin):

 * needs_better_patch:  0 => 1


Old description:

> In [fcc8de05] I enabled `unicode_literals` in
> `django.core.servers.basehttp`.
>
> This turns `environ['QUERY_STRING']` into a unicode string, which later
> on prevents correct decoding in `QueryDict`.
>
> Basically the fix is:
>
> {{{
> diff --git a/django/core/servers/basehttp.py
> b/django/core/servers/basehttp.py
> index 19b287a..af8f2a0 100644
> --- a/django/core/servers/basehttp.py
> +++ b/django/core/servers/basehttp.py
> @@ -144,9 +144,9 @@ class
> WSGIRequestHandler(simple_server.WSGIRequestHandler, object):
>          env['SERVER_PROTOCOL'] = self.request_version
>          env['REQUEST_METHOD'] = self.command
>          if '?' in self.path:
> -            path,query = self.path.split('?',1)
> +            path, query = self.path.split(b'?', 1)
>          else:
> -            path,query = self.path,''
> +            path, query = self.path, b''
>
>          env['PATH_INFO'] = unquote(path)
>          env['QUERY_STRING'] = query
> }}}
>
> An audit of this module seems necessary. It may even be extended to
> `django.core.servers`.

New description:

 In [fcc8de05] I enabled `unicode_literals` in
 `django.core.servers.basehttp`.

 This turns `environ['QUERY_STRING']` into a unicode string, which later on
 prevents correct decoding in `QueryDict`.

 A quick'n'dirty, Python 2 only fix is:

 {{{
 diff --git a/django/core/servers/basehttp.py
 b/django/core/servers/basehttp.py
 index 19b287a..af8f2a0 100644
 --- a/django/core/servers/basehttp.py
 +++ b/django/core/servers/basehttp.py
 @@ -144,9 +144,9 @@ class
 WSGIRequestHandler(simple_server.WSGIRequestHandler, object):
          env['SERVER_PROTOCOL'] = self.request_version
          env['REQUEST_METHOD'] = self.command
          if '?' in self.path:
 -            path,query = self.path.split('?',1)
 +            path, query = self.path.split(b'?', 1)
          else:
 -            path,query = self.path,''
 +            path, query = self.path, b''

          env['PATH_INFO'] = unquote(path)
          env['QUERY_STRING'] = query
 }}}

 An audit of this module seems necessary. It may even be extended to
 `django.core.servers`.

--

-- 
Ticket URL: <https://code.djangoproject.com/ticket/19081#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.