diff options
| author | Claude Paroz <claude@2xlibre.net> | 2012-10-20 14:33:57 +0200 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2012-10-20 14:56:16 +0200 |
| commit | dfd4a7175119ddb422d8426dcc15902265d5a428 (patch) | |
| tree | 401b547f104a9d45a098d61f40b901b6eea71243 /tests/regressiontests/requests/tests.py | |
| parent | eed4faf16f37a8b0af06a52eada05b84dead4c0d (diff) | |
Fixed #5611 -- Restricted accepted content types in parsing POST data
Thanks paulegan for the report and Preston Holmes for the review.
Diffstat (limited to 'tests/regressiontests/requests/tests.py')
| -rw-r--r-- | tests/regressiontests/requests/tests.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/regressiontests/requests/tests.py b/tests/regressiontests/requests/tests.py index d80161371e..378b4cf6d9 100644 --- a/tests/regressiontests/requests/tests.py +++ b/tests/regressiontests/requests/tests.py @@ -330,6 +330,7 @@ class RequestsTests(unittest.TestCase): def test_stream(self): payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) self.assertEqual(request.read(), b'name=value') @@ -341,6 +342,7 @@ class RequestsTests(unittest.TestCase): """ payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) self.assertEqual(request.POST, {'name': ['value']}) @@ -354,6 +356,7 @@ class RequestsTests(unittest.TestCase): """ payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) self.assertEqual(request.read(2), b'na') @@ -402,9 +405,28 @@ class RequestsTests(unittest.TestCase): 'wsgi.input': BytesIO(payload)}) self.assertEqual(request.POST, {}) + def test_POST_binary_only(self): + payload = b'\r\n\x01\x00\x00\x00ab\x00\x00\xcd\xcc,@' + environ = {'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/octet-stream', + 'CONTENT_LENGTH': len(payload), + 'wsgi.input': BytesIO(payload)} + request = WSGIRequest(environ) + self.assertEqual(request.POST, {}) + self.assertEqual(request.FILES, {}) + self.assertEqual(request.body, payload) + + # Same test without specifying content-type + environ.update({'CONTENT_TYPE': '', 'wsgi.input': BytesIO(payload)}) + request = WSGIRequest(environ) + self.assertEqual(request.POST, {}) + self.assertEqual(request.FILES, {}) + self.assertEqual(request.body, payload) + def test_read_by_lines(self): payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) self.assertEqual(list(request), [b'name=value']) @@ -415,6 +437,7 @@ class RequestsTests(unittest.TestCase): """ payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) raw_data = request.body @@ -427,6 +450,7 @@ class RequestsTests(unittest.TestCase): """ payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': BytesIO(payload)}) raw_data = request.body @@ -479,6 +503,7 @@ class RequestsTests(unittest.TestCase): payload = b'name=value' request = WSGIRequest({'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'CONTENT_LENGTH': len(payload), 'wsgi.input': ExplodingBytesIO(payload)}) |