Opened 12 years ago
Closed 11 years ago
#18553 closed Bug (duplicate)
Django multipart parser creates mutable QueryDict
Reported by: | k_bx | Owned by: | fred |
---|---|---|---|
Component: | HTTP handling | Version: | 1.4 |
Severity: | Normal | Keywords: | |
Cc: | k_bx, fred | Triage Stage: | Accepted |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
When you send multipart request (which, unfortunately, is sent every time your testclient does POST-request https://code.djangoproject.com/ticket/18552 ), your view will get request.POST to be QueryDict with request.POST._mutable == True.
This caused me to write test that passes (sends POST-request and modifies request.POST in view), but production that fails.
Change History (5)
comment:1 by , 12 years ago
Cc: | added |
---|
comment:2 by , 12 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:3 by , 12 years ago
Component: | Uncategorized → HTTP handling |
---|---|
Type: | Uncategorized → Bug |
comment:4 by , 11 years ago
Cc: | added |
---|---|
Owner: | changed from | to
Status: | new → assigned |
I can confirm the following behavior in 1.7.dev20130628193320, using the following view:
from django.views.decorators.csrf import csrf_exempt from django.views.generic import View from django.http import HttpResponse class IndexView(View): def post(self, request): return HttpResponse(bool(request.POST._mutable)) @csrf_exempt def dispatch(self, *args, **kwargs): return super(IndexView, self).dispatch(*args, **kwargs)
The behavior is as follows:
- When this view is called with a POST of type application/x-www-form-urlencoded, it returns "False" (the POST is mutable).
- When this view is called with a POST of type multipart/form-data POST, it returns "True".
- Likewise, when calling the view through
self.client.post('/view')
, it returns "True". This confirms that the bug may lead to code that passes tests and fails in production.
I'd like to further look into this issue.
I haven't tested, but it sounds plausible.