mirror of https://github.com/django/django.git
[1.8.x] Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
Thanks Tom Christie for the report and review.
Backport of ac650d02cb
from master.
This commit is contained in:
parent
29fa0e3c66
commit
7cc1b4710e
|
@ -643,7 +643,8 @@ def parse_header(line):
|
||||||
# Lang/encoding embedded in the value (like "filename*=UTF-8''file.ext")
|
# Lang/encoding embedded in the value (like "filename*=UTF-8''file.ext")
|
||||||
# http://tools.ietf.org/html/rfc2231#section-4
|
# http://tools.ietf.org/html/rfc2231#section-4
|
||||||
name = name[:-1]
|
name = name[:-1]
|
||||||
has_encoding = True
|
if p.count(b"'") == 2:
|
||||||
|
has_encoding = True
|
||||||
value = p[i + 1:].strip()
|
value = p[i + 1:].strip()
|
||||||
if has_encoding:
|
if has_encoding:
|
||||||
encoding, lang, value = value.split(b"'")
|
encoding, lang, value = value.split(b"'")
|
||||||
|
|
|
@ -584,3 +584,20 @@ class MultiParserTests(unittest.TestCase):
|
||||||
for raw_line, expected_title in test_data:
|
for raw_line, expected_title in test_data:
|
||||||
parsed = parse_header(raw_line)
|
parsed = parse_header(raw_line)
|
||||||
self.assertEqual(parsed[1]['title'], expected_title)
|
self.assertEqual(parsed[1]['title'], expected_title)
|
||||||
|
|
||||||
|
def test_rfc2231_wrong_title(self):
|
||||||
|
"""
|
||||||
|
Test wrongly formatted RFC 2231 headers (missing double single quotes).
|
||||||
|
Parsing should not crash (#24209).
|
||||||
|
"""
|
||||||
|
test_data = (
|
||||||
|
(b"Content-Type: application/x-stuff; title*='This%20is%20%2A%2A%2Afun%2A%2A%2A",
|
||||||
|
b"'This%20is%20%2A%2A%2Afun%2A%2A%2A"),
|
||||||
|
(b"Content-Type: application/x-stuff; title*='foo.html",
|
||||||
|
b"'foo.html"),
|
||||||
|
(b"Content-Type: application/x-stuff; title*=bar.html",
|
||||||
|
b"bar.html"),
|
||||||
|
)
|
||||||
|
for raw_line, expected_title in test_data:
|
||||||
|
parsed = parse_header(raw_line)
|
||||||
|
self.assertEqual(parsed[1]['title'], expected_title)
|
||||||
|
|
Loading…
Reference in New Issue