Fixed #27191 -- Fixed debug view crash for requests with 'items' in GET/POST/COOKIES/FILES.

2016-09-07 14:09:45 +03:00 · 2016-09-07 14:09:45 +03:00 · 7b6dccc82f
parent 2b64ff68cc
commit 7b6dccc82f
2 changed files with 92 additions and 18 deletions
--- a/django/views/debug.py
+++ b/django/views/debug.py
@ -290,7 +290,7 @@ class ExceptionReporter(object):
            'unicode_hint': unicode_hint,
            'frames': frames,
            'request': self.request,
-            'filtered_POST': self.filter.get_post_parameters(self.request),
+            'filtered_POST_items': self.filter.get_post_parameters(self.request).items(),
            'settings': get_safe_settings(),
            'sys_executable': sys.executable,
            'sys_version_info': '%d.%d.%d' % sys.version_info[0:3],
@ -301,6 +301,10 @@ class ExceptionReporter(object):
            'template_does_not_exist': self.template_does_not_exist,
            'postmortem': self.postmortem,
        }
+        if self.request is not None:
+            c['request_GET_items'] = self.request.GET.items()
+            c['request_FILES_items'] = self.request.FILES.items()
+            c['request_COOKIES_items'] = self.request.COOKIES.items()
        # Check whether exception info is available
        if self.exc_type:
            c['exception_type'] = self.exc_type.__name__
@ -913,10 +917,10 @@ Exception Value: {{ exception_value|force_escape }}
        </tr>
      </thead>
      <tbody>
-        {% for var in request.GET.items %}
+        {% for k, v in request_GET_items %}
          <tr>
-            <td>{{ var.0 }}</td>
-            <td class="code"><pre>{{ var.1|pprint }}</pre></td>
+            <td>{{ k }}</td>
+            <td class="code"><pre>{{ v|pprint }}</pre></td>
          </tr>
        {% endfor %}
      </tbody>
@ -926,7 +930,7 @@ Exception Value: {{ exception_value|force_escape }}
  {% endif %}

  <h3 id="post-info">POST</h3>
-  {% if filtered_POST %}
+  {% if filtered_POST_items %}
    <table class="req">
      <thead>
        <tr>
@ -935,10 +939,10 @@ Exception Value: {{ exception_value|force_escape }}
        </tr>
      </thead>
      <tbody>
-        {% for var in filtered_POST.items %}
+        {% for k, v in filtered_POST_items %}
          <tr>
-            <td>{{ var.0 }}</td>
-            <td class="code"><pre>{{ var.1|pprint }}</pre></td>
+            <td>{{ k }}</td>
+            <td class="code"><pre>{{ v|pprint }}</pre></td>
          </tr>
        {% endfor %}
      </tbody>
@ -956,10 +960,10 @@ Exception Value: {{ exception_value|force_escape }}
            </tr>
        </thead>
        <tbody>
-            {% for var in request.FILES.items %}
+            {% for k, v in request_FILES_items %}
                <tr>
-                    <td>{{ var.0 }}</td>
-                    <td class="code"><pre>{{ var.1|pprint }}</pre></td>
+                    <td>{{ k }}</td>
+                    <td class="code"><pre>{{ v|pprint }}</pre></td>
                </tr>
            {% endfor %}
        </tbody>
@ -979,10 +983,10 @@ Exception Value: {{ exception_value|force_escape }}
        </tr>
      </thead>
      <tbody>
-        {% for var in request.COOKIES.items %}
+        {% for k, v in request_COOKIES_items %}
          <tr>
-            <td>{{ var.0 }}</td>
-            <td class="code"><pre>{{ var.1|pprint }}</pre></td>
+            <td>{{ k }}</td>
+            <td class="code"><pre>{{ v|pprint }}</pre></td>
          </tr>
        {% endfor %}
      </tbody>
@ -1101,16 +1105,16 @@ File "{{ frame.filename }}" in {{ frame.function }}
 {% if request %}Request information:
 {% if request.user %}USER: {{ request.user }}{% endif %}

-GET:{% for k, v in request.GET.items %}
+GET:{% for k, v in request_GET_items %}
 {{ k }} = {{ v|stringformat:"r" }}{% empty %} No GET data{% endfor %}

-POST:{% for k, v in filtered_POST.items %}
+POST:{% for k, v in filtered_POST_items %}
 {{ k }} = {{ v|stringformat:"r" }}{% empty %} No POST data{% endfor %}

-FILES:{% for k, v in request.FILES.items %}
+FILES:{% for k, v in request_FILES_items %}
 {{ k }} = {{ v|stringformat:"r" }}{% empty %} No FILES data{% endfor %}

-COOKIES:{% for k, v in request.COOKIES.items %}
+COOKIES:{% for k, v in request_COOKIES_items %}
 {{ k }} = {{ v|stringformat:"r" }}{% empty %} No cookie data{% endfor %}

 META:{% for k, v in request.META.items|dictsort:0 %}
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@ -464,6 +464,43 @@ class ExceptionReporterTests(SimpleTestCase):
        html = reporter.get_traceback_html()
        self.assertIn("http://evil.com/", html)

+    def test_request_with_items_key(self):
+        """
+        An exception report can be generated for requests with 'items' in
+        request GET, POST, FILES, or COOKIES QueryDicts.
+        """
+        if six.PY3:
+            value = '<td>items</td><td class="code"><pre>&#39;Oops&#39;</pre></td>'
+        else:
+            value = '<td>items</td><td class="code"><pre>u&#39;Oops&#39;</pre></td>'
+        # GET
+        request = self.rf.get('/test_view/?items=Oops')
+        reporter = ExceptionReporter(request, None, None, None)
+        html = reporter.get_traceback_html()
+        self.assertInHTML(value, html)
+        # POST
+        request = self.rf.post('/test_view/', data={'items': 'Oops'})
+        reporter = ExceptionReporter(request, None, None, None)
+        html = reporter.get_traceback_html()
+        self.assertInHTML(value, html)
+        # FILES
+        fp = six.StringIO('filecontent')
+        request = self.rf.post('/test_view/', data={'name': 'filename', 'items': fp})
+        reporter = ExceptionReporter(request, None, None, None)
+        html = reporter.get_traceback_html()
+        self.assertInHTML(
+            '<td>items</td><td class="code"><pre>&lt;InMemoryUploadedFile: '
+            'items (application/octet-stream)&gt;</pre></td>',
+            html
+        )
+        # COOKES
+        rf = RequestFactory()
+        rf.cookies['items'] = 'Oops'
+        request = rf.get('/test_view/')
+        reporter = ExceptionReporter(request, None, None, None)
+        html = reporter.get_traceback_html()
+        self.assertInHTML('<td>items</td><td class="code"><pre>&#39;Oops&#39;</pre></td>', html)
+

 class PlainTextReportTests(SimpleTestCase):
    rf = RequestFactory()
@ -519,6 +556,39 @@ class PlainTextReportTests(SimpleTestCase):
        reporter = ExceptionReporter(request, None, "I'm a little teapot", None)
        reporter.get_traceback_text()

+    def test_request_with_items_key(self):
+        """
+        An exception report can be generated for requests with 'items' in
+        request GET, POST, FILES, or COOKIES QueryDicts.
+        """
+        if six.PY3:
+            value = "items = 'Oops'"
+        else:
+            value = "items = u'Oops'"
+        # GET
+        request = self.rf.get('/test_view/?items=Oops')
+        reporter = ExceptionReporter(request, None, None, None)
+        text = reporter.get_traceback_text()
+        self.assertIn(value, text)
+        # POST
+        request = self.rf.post('/test_view/', data={'items': 'Oops'})
+        reporter = ExceptionReporter(request, None, None, None)
+        text = reporter.get_traceback_text()
+        self.assertIn(value, text)
+        # FILES
+        fp = six.StringIO('filecontent')
+        request = self.rf.post('/test_view/', data={'name': 'filename', 'items': fp})
+        reporter = ExceptionReporter(request, None, None, None)
+        text = reporter.get_traceback_text()
+        self.assertIn('items = <InMemoryUploadedFile:', text)
+        # COOKES
+        rf = RequestFactory()
+        rf.cookies['items'] = 'Oops'
+        request = rf.get('/test_view/')
+        reporter = ExceptionReporter(request, None, None, None)
+        text = reporter.get_traceback_text()
+        self.assertIn("items = 'Oops'", text)
+
    def test_message_only(self):
        reporter = ExceptionReporter(None, None, "I'm a little teapot", None)
        reporter.get_traceback_text()