Opened 12 years ago

Closed 11 years ago

#18553 closed Bug (duplicate)

Django multipart parser creates mutable QueryDict

Reported by: k_bx Owned by: fred
Component: HTTP handling Version: 1.4
Severity: Normal Keywords:
Cc: k_bx, fred Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When you send multipart request (which, unfortunately, is sent every time your testclient does POST-request https://code.djangoproject.com/ticket/18552 ), your view will get request.POST to be QueryDict with request.POST._mutable == True.

This caused me to write test that passes (sends POST-request and modifies request.POST in view), but production that fails.

Change History (5)

comment:1 by k_bx, 12 years ago

Cc: k_bx added

comment:2 by Luke Plant, 12 years ago

Triage Stage: UnreviewedAccepted

I haven't tested, but it sounds plausible.

comment:3 by Aymeric Augustin, 12 years ago

Component: UncategorizedHTTP handling
Type: UncategorizedBug

comment:4 by fred, 11 years ago

Cc: fred added
Owner: changed from nobody to fred
Status: newassigned

I can confirm the following behavior in 1.7.dev20130628193320, using the following view:

from django.views.decorators.csrf import csrf_exempt
from django.views.generic import View
from django.http import HttpResponse


class IndexView(View):
    def post(self, request):                                                                                                                                                                                
        return HttpResponse(bool(request.POST._mutable))

    @csrf_exempt
    def dispatch(self, *args, **kwargs):
        return super(IndexView, self).dispatch(*args, **kwargs)

The behavior is as follows:

  • When this view is called with a POST of type application/x-www-form-urlencoded, it returns "False" (the POST is mutable).
  • When this view is called with a POST of type multipart/form-data POST, it returns "True".
  • Likewise, when calling the view through self.client.post('/view'), it returns "True". This confirms that the bug may lead to code that passes tests and fails in production.

I'd like to further look into this issue.

Version 0, edited 11 years ago by fred (next)

comment:5 by Claude Paroz, 11 years ago

Resolution: duplicate
Status: assignedclosed

Duplicate of #17235

Note: See TracTickets for help on using tickets.
Back to Top