diff options
| author | Claude Paroz <claude@2xlibre.net> | 2014-10-12 20:53:19 +0200 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2014-10-13 17:39:23 +0200 |
| commit | 6398ebab93a6a19afd1aee9cef120f052a801717 (patch) | |
| tree | 2d31df16da46979bb8e6e402b88c396cec30e999 | |
| parent | bc13a08f89b4a9b7980588b013f358b2721c42a6 (diff) | |
[1.7.x] Fixed #23638 -- Prevented crash while parsing invalid cookie content
Thanks Philip Gatt for the report and Tim Graham for the review.
Backport of 59d487e7fc from master.
| -rw-r--r-- | django/core/handlers/wsgi.py | 2 | ||||
| -rw-r--r-- | docs/releases/1.7.1.txt | 3 | ||||
| -rw-r--r-- | tests/handlers/tests.py | 10 |
3 files changed, 14 insertions, 1 deletions
diff --git a/django/core/handlers/wsgi.py b/django/core/handlers/wsgi.py index 846c48e867..6c3b87c916 100644 --- a/django/core/handlers/wsgi.py +++ b/django/core/handlers/wsgi.py @@ -259,4 +259,4 @@ def get_str_from_wsgi(environ, key, default): """ value = environ.get(str(key), str(default)) # Same comment as above - return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8) + return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, errors='replace') diff --git a/docs/releases/1.7.1.txt b/docs/releases/1.7.1.txt index 3bc15218af..4334525877 100644 --- a/docs/releases/1.7.1.txt +++ b/docs/releases/1.7.1.txt @@ -116,3 +116,6 @@ Bugfixes * Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`). * Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`). + +* Fixed a crash while parsing cookies containing invalid content + (:ticket:`23638`). diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py index a2f1b622d4..d9d2487396 100644 --- a/tests/handlers/tests.py +++ b/tests/handlers/tests.py @@ -80,6 +80,16 @@ class HandlerTests(TestCase): # much more work than fixing #20557. Feel free to remove force_str()! self.assertEqual(request.COOKIES['want'], force_str("café")) + def test_invalid_unicode_cookie(self): + """ + Invalid cookie content should result in an absent cookie, but not in a + crash while trying to decode it (#23638). + """ + environ = RequestFactory().get('/').environ + environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e' + request = WSGIRequest(environ) + self.assertEqual(request.COOKIES, {}) + class TransactionsPerRequestTests(TransactionTestCase): |
