[1.6.x] Fixed #22996 -- Prevented crash with unencoded query string

Thanks Jorge Carleitao for the report and Aymeric Augustin, Tim Graham
for the reviews.
Backport of fa02120d36 from master.

2 files changed, 7 insertions, 3 deletions

diff --git a/django/core/handlers/wsgi.py b/django/core/handlers/wsgi.py
index adc8804b80..f9b2633bb6 100644
--- a/django/core/handlers/wsgi.py
+++ b/django/core/handlers/wsgi.py
@@ -134,7 +134,7 @@ class WSGIRequest(http.HttpRequest):
             # The WSGI spec says 'QUERY_STRING' may be absent.
             raw_query_string = self.environ.get('QUERY_STRING', str(''))
             if six.PY3:
-                raw_query_string = raw_query_string.encode('iso-8859-1').decode('utf-8')
+                raw_query_string = raw_query_string.encode('iso-8859-1')
             self._get = http.QueryDict(raw_query_string, encoding=self._encoding)
         return self._get
 
diff --git a/django/http/request.py b/django/http/request.py
index deb0724fc7..1a9a038b7e 100644
--- a/django/http/request.py
+++ b/django/http/request.py
@@ -290,8 +290,12 @@ class QueryDict(MultiValueDict):
         self.encoding = encoding
         if six.PY3:
             if isinstance(query_string, bytes):
-                # query_string contains URL-encoded data, a subset of ASCII.
-                query_string = query_string.decode()
+                # query_string normally contains URL-encoded data, a subset of ASCII.
+                try:
+                    query_string = query_string.decode(encoding)
+                except UnicodeDecodeError:
+                    # ... but some user agents are misbehaving :-(
+                    query_string = query_string.decode('iso-8859-1')
             for key, value in parse_qsl(query_string or '',
                                         keep_blank_values=True,
                                         encoding=encoding):