Commit 6398ebab authored by Claude Paroz's avatar Claude Paroz
Browse files

[1.7.x] Fixed #23638 -- Prevented crash while parsing invalid cookie content 

Thanks Philip Gatt for the report and Tim Graham for the review.
Backport of 59d487e7 from master.
parent bc13a08f

django/core/handlers/wsgi.py

+1 −1
Original line number Diff line number Diff line
@@ -259,4 +259,4 @@ def get_str_from_wsgi(environ, key, default): 
    """

    value = environ.get(str(key), str(default))

    # Same comment as above

    return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8)
 
    return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, errors='replace')

docs/releases/1.7.1.txt

+3 −0
Original line number Diff line number Diff line
@@ -116,3 +116,6 @@ Bugfixes 
* Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`).



* Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`).



* Fixed a crash while parsing cookies containing invalid content

  (:ticket:`23638`).

tests/handlers/tests.py

+10 −0
Original line number Diff line number Diff line
@@ -80,6 +80,16 @@ class HandlerTests(TestCase): 
        # much more work than fixing #20557. Feel free to remove force_str()!

        self.assertEqual(request.COOKIES['want'], force_str("café"))



    def test_invalid_unicode_cookie(self):

        """

        Invalid cookie content should result in an absent cookie, but not in a

        crash while trying to decode it (#23638).

        """

        environ = RequestFactory().get('/').environ

        environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e'

        request = WSGIRequest(environ)

        self.assertEqual(request.COOKIES, {})





class TransactionsPerRequestTests(TransactionTestCase):