Opened 9 years ago
Closed 9 years ago
#26669 closed Bug (worksforme)
UnicodeDecodeError with non-ASCII string in 'Content-Type' header
Reported by: | karech | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | 1.8 |
Severity: | Normal | Keywords: | UnicodeDecodeError request META CONTENT_TYPE Content-Type |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
If someone sends POST request with headers containing non-ASCII value for 'Content-Type', then django raises UnicodeDecodeError.
Traceback (most recent call last): File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run self.result = application(self.environ, self.start_response) File "/usr/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__ return self.application(environ, start_response) File "/usr/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 189, in __call__ response = self.get_response(request) File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 218, in get_response response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 261, in handle_uncaught_exception return debug.technical_500_response(request, *exc_info) File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 97, in technical_500_response html = reporter.get_traceback_html() File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 383, in get_traceback_html c = Context(self.get_traceback_data(), use_l10n=False) File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 328, in get_traceback_data frames = self.get_traceback_frames() File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 501, in get_traceback_frames 'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame), File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 234, in get_traceback_frame_variables cleansed[name] = self.cleanse_special_types(request, value) File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 191, in cleanse_special_types value = self.get_request_repr(value) File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 122, in get_request_repr return build_request_repr(request, POST_override=self.get_post_parameters(request)) File "/usr/lib/python2.7/site-packages/django/views/debug.py", line 186, in get_post_parameters return request.POST File "/usr/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 137, in _get_post self._load_post_and_files() File "/usr/lib/python2.7/site-packages/django/http/request.py", line 253, in _load_post_and_files if self.META.get('CONTENT_TYPE', '').startswith('multipart/form-data'): UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 0: ordinal not in range(128)
How reproduce:
import requests url = 'http://somesite.com/view_with_post_method' headers = {'Content-Type': b'\xf0'} requests.post(url, headers=headers)
Note:
See TracTickets
for help on using tickets.
Perhaps there's something missing in the report but I can't reproduce a crash. Perhaps you could provide a test for Django's test suite instead?