[1.7.x] Fixed #23638 -- Prevented crash while parsing invalid cookie content

Thanks Philip Gatt for the report and Tim Graham for the review.
Backport of 59d487e7fc from master.
This commit is contained in:
Claude Paroz 2014-10-12 20:53:19 +02:00
parent bc13a08f89
commit 6398ebab93
3 changed files with 14 additions and 1 deletions

View File

@ -259,4 +259,4 @@ def get_str_from_wsgi(environ, key, default):
"""
value = environ.get(str(key), str(default))
# Same comment as above
return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8)
return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8, errors='replace')

View File

@ -116,3 +116,6 @@ Bugfixes
* Fixed generic relations in ``ModelAdmin.list_filter`` (:ticket:`23616`).
* Restored RFC compliance for the SMTP backend on Python 3 (:ticket:`23063`).
* Fixed a crash while parsing cookies containing invalid content
(:ticket:`23638`).

View File

@ -80,6 +80,16 @@ class HandlerTests(TestCase):
# much more work than fixing #20557. Feel free to remove force_str()!
self.assertEqual(request.COOKIES['want'], force_str("café"))
def test_invalid_unicode_cookie(self):
"""
Invalid cookie content should result in an absent cookie, but not in a
crash while trying to decode it (#23638).
"""
environ = RequestFactory().get('/').environ
environ['HTTP_COOKIE'] = 'x=W\x03c(h]\x8e'
request = WSGIRequest(environ)
self.assertEqual(request.COOKIES, {})
class TransactionsPerRequestTests(TransactionTestCase):