diff options
Diffstat (limited to 'django/http')
| -rw-r--r-- | django/http/request.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/django/http/request.py b/django/http/request.py index 86ea68c20c..fe15a173be 100644 --- a/django/http/request.py +++ b/django/http/request.py @@ -7,6 +7,7 @@ from urllib.parse import parse_qsl, quote, urlencode, urljoin, urlsplit from django.conf import settings from django.core import signing from django.core.exceptions import ( + BadRequest, DisallowedHost, ImproperlyConfigured, RequestDataTooBig, @@ -377,10 +378,16 @@ class HttpRequest: self._mark_post_parse_error() raise elif self.content_type == "application/x-www-form-urlencoded": - self._post, self._files = ( - QueryDict(self.body, encoding=self._encoding), - MultiValueDict(), - ) + # According to RFC 1866, the "application/x-www-form-urlencoded" + # content type does not have a charset and should be always treated + # as UTF-8. + if self._encoding is not None and self._encoding.lower() != "utf-8": + raise BadRequest( + "HTTP requests with the 'application/x-www-form-urlencoded' " + "content type must be UTF-8 encoded." + ) + self._post = QueryDict(self.body, encoding="utf-8") + self._files = MultiValueDict() else: self._post, self._files = ( QueryDict(encoding=self._encoding), |