Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.

author: 007 <007gzs@gmail.com> 2020-02-21 13:25:22 +0800
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-02-28 14:43:16 +0100
commit: e65fea9292ffdeb9bb76062f6cb2a5ff514ae969 (patch)
tree: 994b6d3c9ccf4b2b9b7a2f51e6a98a8b1476d888 /tests/file_uploads
parent: a21f7b91db273a03abfb47b0580bb39e0043c99a (diff)
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
index db9b915d35..5743344a51 100644
--- a/tests/file_uploads/tests.py
+++ b/tests/file_uploads/tests.py
@@ -162,6 +162,48 @@ class FileUploadTests(TestCase):
         response = self.client.request(**r)
         self.assertEqual(response.status_code, 200)
 
+    def test_unicode_file_name_rfc2231_with_double_quotes(self):
+        payload = client.FakePayload()
+        payload.write('\r\n'.join([
+            '--' + client.BOUNDARY,
+            'Content-Disposition: form-data; name="file_unicode"; '
+            'filename*="UTF-8\'\'%s"' % quote(UNICODE_FILENAME),
+            'Content-Type: application/octet-stream',
+            '',
+            'You got pwnd.\r\n',
+            '\r\n--' + client.BOUNDARY + '--\r\n',
+        ]))
+        r = {
+            'CONTENT_LENGTH': len(payload),
+            'CONTENT_TYPE': client.MULTIPART_CONTENT,
+            'PATH_INFO': '/unicode_name/',
+            'REQUEST_METHOD': 'POST',
+            'wsgi.input': payload,
+        }
+        response = self.client.request(**r)
+        self.assertEqual(response.status_code, 200)
+
+    def test_unicode_name_rfc2231_with_double_quotes(self):
+        payload = client.FakePayload()
+        payload.write('\r\n'.join([
+            '--' + client.BOUNDARY,
+            'Content-Disposition: form-data; name*="UTF-8\'\'file_unicode"; '
+            'filename*="UTF-8\'\'%s"' % quote(UNICODE_FILENAME),
+            'Content-Type: application/octet-stream',
+            '',
+            'You got pwnd.\r\n',
+            '\r\n--' + client.BOUNDARY + '--\r\n'
+        ]))
+        r = {
+            'CONTENT_LENGTH': len(payload),
+            'CONTENT_TYPE': client.MULTIPART_CONTENT,
+            'PATH_INFO': '/unicode_name/',
+            'REQUEST_METHOD': 'POST',
+            'wsgi.input': payload,
+        }
+        response = self.client.request(**r)
+        self.assertEqual(response.status_code, 200)
+
     def test_blank_filenames(self):
         """
         Receiving file upload when filename is blank (before and after
author	007 <007gzs@gmail.com>	2020-02-21 13:25:22 +0800
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-02-28 14:43:16 +0100
commit	e65fea9292ffdeb9bb76062f6cb2a5ff514ae969 (patch)
tree	994b6d3c9ccf4b2b9b7a2f51e6a98a8b1476d888 /tests/file_uploads
parent	a21f7b91db273a03abfb47b0580bb39e0043c99a (diff)