Opened 8 years ago

Closed 8 years ago

#28276 closed Bug (duplicate)

debug.py loops over QueryDict['items'] instead of QueryDict.items()

Reported by: victor felder Owned by: nobody
Component: Error reporting Version: 1.10
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Posting a dict with a key named items to a view that triggers django/views/debug.py crashes because of a confusion between QueryDict.items() and QueryDict['items'].

  1. If the POST QueryDict contains an items key at the time the Django debug view gets rendered, Django 1.10 crashes because the for-loop supposed to display the POST QueryDict in the Django debug view will not be able to unpack the items key into k, v.
  2. It happens on this line: https://github.com/django/django/blob/e75c188d1cd4ddae2726fe6db001f9e9d693b032/django/views/debug.py#L1119 (this links to this file in release 1.10.7)
  3. for k, v in filtered_POST.items is supposed to iterate over QueryDirect items() but when rendered in the TECHNICAL_500_TEXT_TEMPLATE via .render(), it iterates over the content of the QueryDict items key instead.

What I post from a unit test case:

        response = self.client.post(
            reverse('foobar'),
            {
                'foo': '',
                'items': [1]
            }
        )

(Note that the view this is posting to will raise, triggering the render of Django's debug.py.)

What I get when I print c['filtered_POST'] right before this line: https://github.com/django/django/blob/e75c188d1cd4ddae2726fe6db001f9e9d693b032/django/views/debug.py#L335:

    <QueryDict: {u'items': [u'1'], u'foo': [u'']}>

The errors I get:

Django 1.10.7:

    ValueError: Need 2 values to unpack in for loop; got 1.

Django 1.9

same issue with a warning instead of crashing, for obvious reasons:

    RemovedInDjango110Warning: Need 2 values to unpack in for loop; got 1.
    This will raise an exception in Django 1.10.

Python version I'm using:

Python 2.7.13 (default, Dec 18 2016, 07:03:39)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)] on darwin

Change History (1)

comment:1 by Tim Graham, 8 years ago

Component: UncategorizedError reporting
Resolution: duplicate
Status: newclosed

Duplicate of #27191, fixed in Django 1.11.

Note: See TracTickets for help on using tickets.
Back to Top