django.git/tests/requests_tests/tests.py, branch main

django.git/tests/requests_tests/tests.py, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-22T18:25:08Z Fixed #36991 -- Raised BadRequest for invalid encodings in Content-Type headers. 2026-04-22T18:25:08Z Dinesh dineshthumma15@gmail.com 2026-03-21T17:21:11Z urn:sha1:dc467fdc3b5744cec71fab876c23a14013e2510b Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser. 2026-04-07T11:12:23Z Natalia 124304+nessita@users.noreply.github.com 2026-03-05T17:41:44Z urn:sha1:7e9885f99cee771b51692fadc5592bdbf19641aa When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch. Fixed #36931 -- Handled LookupError in multipart parser for invalid RFC 2231 encoding. 2026-02-24T18:44:42Z sammiee5311 sammiee5311@gmail.com 2026-02-16T03:21:03Z urn:sha1:e84dc8715e91d51364ba6bda2b2fb07e7a8b750e Added LookupError to the except clause so invalid headers are silently skipped, consistent with other malformed header handling. Fixed #36841 -- Made multipart parser class pluggable on HttpRequest. 2026-02-10T22:59:02Z farhan farhanalirazaazeemi@gmail.com 2026-01-05T19:34:39Z urn:sha1:7732f942a98a709750fc1fed2c69741183844a3c Refs #36520 -- Ensured only the header value is passed to parse_header_parameters for multipart requests. 2025-08-28T17:25:36Z Jake Howard git@theorangeone.net 2025-08-20T15:04:48Z urn:sha1:41ff30f6f9d072036be1f74db8f0c8b21565299f Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior. Refs #36500 -- Rewrapped long docstrings and block comments via a script. 2025-07-23T23:17:55Z django-bot ops@djangoproject.com 2025-07-23T03:41:41Z urn:sha1:69a93a88edb56ba47f624dac7a21aacc47ea474f Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. Fixed #36332 -- Corrected HttpRequest.get_full_path() and HttpRequest.get_full_path_info() examples. 2025-05-13T15:41:17Z Aleksandr Safonov sashakashvile@gmail.com 2025-04-18T13:46:02Z urn:sha1:96c79be4e436f0b3045421556a2253cbff4533dc Refs #21442 -- Increased test coverage of requests. 2023-11-28T08:33:59Z David Smith smithdc@gmail.com 2023-11-25T14:57:45Z urn:sha1:76280b4f4d7547dc869b71c22f658095a1565875 Fixed #34968 -- Made multipart parsing of headers raise an error on too long headers. 2023-11-24T11:06:54Z Standa Opichal stanislav.opichal@rossum.ai 2023-11-10T16:40:24Z urn:sha1:1c6e8ec4ed6d9c374161eda965160e4782c7d71e This also allow customizing the maximum size of headers via MAX_TOTAL_HEADER_SIZE. Fixed #34709 -- Raised BadRequest for non-UTF-8 requests with the application/x-www-form-urlencoded content type. 2023-08-25T19:27:22Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-08-25T19:27:22Z urn:sha1:11920e77959deaa65eb86ccc5d39da903fd3dd41 Thanks Eki Xu for the report.