django.git/tests/requests_tests/tests.py, branch stable/6.0.x

django.git/tests/requests_tests/tests.py, branch stable/6.0.x django http://cgit.adnoto.dev/django.git/atom?h=stable%2F6.0.x 2026-04-07T11:22:16Z [6.0.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser. 2026-04-07T11:22:16Z Natalia 124304+nessita@users.noreply.github.com 2026-03-05T17:41:44Z urn:sha1:0910af60468216c856dfbcac1177372c225deb76 When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch. Backport of 7e9885f99cee771b51692fadc5592bdbf19641aa from main. Refs #36520 -- Ensured only the header value is passed to parse_header_parameters for multipart requests. 2025-08-28T17:25:36Z Jake Howard git@theorangeone.net 2025-08-20T15:04:48Z urn:sha1:41ff30f6f9d072036be1f74db8f0c8b21565299f Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior. Refs #36500 -- Rewrapped long docstrings and block comments via a script. 2025-07-23T23:17:55Z django-bot ops@djangoproject.com 2025-07-23T03:41:41Z urn:sha1:69a93a88edb56ba47f624dac7a21aacc47ea474f Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. Fixed #36332 -- Corrected HttpRequest.get_full_path() and HttpRequest.get_full_path_info() examples. 2025-05-13T15:41:17Z Aleksandr Safonov sashakashvile@gmail.com 2025-04-18T13:46:02Z urn:sha1:96c79be4e436f0b3045421556a2253cbff4533dc Refs #21442 -- Increased test coverage of requests. 2023-11-28T08:33:59Z David Smith smithdc@gmail.com 2023-11-25T14:57:45Z urn:sha1:76280b4f4d7547dc869b71c22f658095a1565875 Fixed #34968 -- Made multipart parsing of headers raise an error on too long headers. 2023-11-24T11:06:54Z Standa Opichal stanislav.opichal@rossum.ai 2023-11-10T16:40:24Z urn:sha1:1c6e8ec4ed6d9c374161eda965160e4782c7d71e This also allow customizing the maximum size of headers via MAX_TOTAL_HEADER_SIZE. Fixed #34709 -- Raised BadRequest for non-UTF-8 requests with the application/x-www-form-urlencoded content type. 2023-08-25T19:27:22Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-08-25T19:27:22Z urn:sha1:11920e77959deaa65eb86ccc5d39da903fd3dd41 Thanks Eki Xu for the report. Added more tests for django.http.request.split_domain_port(). 2023-08-02T11:06:23Z Nick Pope nick@nickpope.me.uk 2023-07-27T15:09:09Z urn:sha1:c77fbda7ceaf00d09c322b6e0d0b0b82b4f32e98 Added MultiPartParser tests for parsing base64-encoded fields. 2023-06-07T03:44:27Z benebsiny stu995106@hotmail.com.tw 2023-06-06T08:31:49Z urn:sha1:7cc138a58f73c17f07cfaf459ef8e7677ac41ac0 Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling HttpRequest and subclasses." 2023-04-12T16:52:43Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-04-12T07:25:45Z urn:sha1:280ca147af9cdfce1ca9cb14cc3c5527ff6c7a02 This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports.