Fixed #14812 -- Made parsing of the If-Modified-Since HTTP header more robust in presence of malformed values when serving static content. Thanks shaohua for the report, and alexey.smolsky@gmail.com for a similar report and patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14753 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/staticfiles/views.py

@@ -150,7 +150,10 @@ def was_modified_since(header=None, mtime=0, size=0):
             raise ValueError
         matches = re.match(r"^([^;]+)(; length=([0-9]+))?$", header,
                            re.IGNORECASE)
-        header_mtime = mktime_tz(parsedate_tz(matches.group(1)))
+        header_date = parsedate_tz(matches.group(1))
+        if header_date is None:
+            raise ValueError
+        header_mtime = mktime_tz(header_date)
         header_len = matches.group(3)
         if header_len and int(header_len) != size:
             raise ValueError

tests/regressiontests/views/tests/static.py

@@ -69,3 +69,17 @@ class StaticTests(TestCase):
         self.assertEquals(len(response.content),
                           int(response['Content-Length']))
 
+    def test_invalid_if_modified_since2(self):
+        """Handle even more bogus If-Modified-Since values gracefully
+
+        Assume that a file is modified since an invalid timestamp as per RFC
+        2616, section 14.25.
+        """
+        file_name = 'file.txt'
+        invalid_date = ': 1291108438, Wed, 20 Oct 2010 14:05:00 GMT'
+        response = self.client.get('/views/site_media/%s' % file_name,
+                                   HTTP_IF_MODIFIED_SINCE=invalid_date)
+        file = open(path.join(media_dir, file_name))
+        self.assertEquals(file.read(), response.content)
+        self.assertEquals(len(response.content),
+                          int(response['Content-Length']))