summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2014-10-12 20:53:19 +0200
committerClaude Paroz <claude@2xlibre.net>2014-10-13 17:37:58 +0200
commit59d487e7fc02980e76dad053dd989c8b4899444f (patch)
tree1260e1c50168f4d93a432c0c14c97ac2bedfb924
parent8701b5900774be3126321c2449b4d0e8091a9725 (diff)
Fixed #23638 -- Prevented crash while parsing invalid cookie content
Thanks Philip Gatt for the report and Tim Graham for the review.
-rw-r--r--django/core/handlers/wsgi.py2
-rw-r--r--docs/releases/1.7.1.txt3
-rw-r--r--tests/handlers/tests.py10
3 files changed, 14 insertions, 1 deletions
diff --git a/django/core/handlers/wsgi.py b/django/core/handlers/wsgi.py
index 5032eed072..03138bb781 100644
--- a/django/core/handlers/wsgi.py
+++ b/django/core/handlers/wsgi.py
@@ -263,4 +263,4 @@ def get_str_from_wsgi(environ, key, default):
"""
value = environ.get(str(key), str(default))
# Same comment as above
- return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8)
+ return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, errors='replace')
diff --git a/docs/releases/1.7.1.txt b/docs/releases/1.7.1.txt
index b66e259679..6c06857396 100644
--- a/docs/releases/1.7.1.txt
+++ b/docs/releases/1.7.1.txt
@@ -117,3 +117,6 @@ Bugfixes
* Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`).
* Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`).
+
+* Fixed a crash while parsing cookies containing invalid content
+ (:ticket:`23638`).
diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py
index ee74affcc6..31a0ac38bb 100644
--- a/tests/handlers/tests.py
+++ b/tests/handlers/tests.py
@@ -80,6 +80,16 @@ class HandlerTests(TestCase):
# much more work than fixing #20557. Feel free to remove force_str()!
self.assertEqual(request.COOKIES['want'], force_str("café"))
+ def test_invalid_unicode_cookie(self):
+ """
+ Invalid cookie content should result in an absent cookie, but not in a
+ crash while trying to decode it (#23638).
+ """
+ environ = RequestFactory().get('/').environ
+ environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e'
+ request = WSGIRequest(environ)
+ self.assertEqual(request.COOKIES, {})
+
@override_settings(ROOT_URLCONF='handlers.urls')
class TransactionsPerRequestTests(TransactionTestCase):