diff options
| author | Claude Paroz <claude@2xlibre.net> | 2014-11-21 21:47:46 +0100 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2014-11-22 14:23:37 +0100 |
| commit | b38637d5813f014fbe3e031253a166c208c387e1 (patch) | |
| tree | 603bcadab0dba638a06b33c9c4aa51c7436441d1 /tests/handlers | |
| parent | b0a58b9085b0836a92e5a4ad72671936119fe1ba (diff) | |
| download | django-b38637d5813f014fbe3e031253a166c208c387e1.tar.gz | |
Fixed #23887 -- Returned Bad Request for multipart parsing fails
Thanks Antti Häyrynen and Tim Graham for the report, and Aymeric
Augustin for the review.
Diffstat (limited to 'tests/handlers')
| -rw-r--r-- | tests/handlers/tests.py | 13 | ||||
| -rw-r--r-- | tests/handlers/urls.py | 1 | ||||
| -rw-r--r-- | tests/handlers/views.py | 7 |
3 files changed, 21 insertions, 0 deletions
diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py index f574418ae2..a543513a25 100644 --- a/tests/handlers/tests.py +++ b/tests/handlers/tests.py @@ -93,6 +93,19 @@ class HandlerTests(TestCase): # latest versions. self.assertIsInstance(request.COOKIES, dict) + @override_settings(ROOT_URLCONF='handlers.urls') + def test_invalid_multipart_boundary(self): + """ + Invalid boundary string should produce a "Bad Request" response, not a + server error (#23887). + """ + environ = RequestFactory().post('/malformed_post/').environ + environ['CONTENT_TYPE'] = 'multipart/form-data; boundary=WRONG\x07' + handler = WSGIHandler() + response = handler(environ, lambda *a, **k: None) + # Expect "bad request" response + self.assertEqual(response.status_code, 400) + @override_settings(ROOT_URLCONF='handlers.urls') class TransactionsPerRequestTests(TransactionTestCase): diff --git a/tests/handlers/urls.py b/tests/handlers/urls.py index dd8895aa1a..ad46ef6f03 100644 --- a/tests/handlers/urls.py +++ b/tests/handlers/urls.py @@ -10,4 +10,5 @@ urlpatterns = [ url(r'^in_transaction/$', views.in_transaction), url(r'^not_in_transaction/$', views.not_in_transaction), url(r'^suspicious/$', views.suspicious), + url(r'^malformed_post/$', views.malformed_post), ] diff --git a/tests/handlers/views.py b/tests/handlers/views.py index 84cac97e62..4004dfe033 100644 --- a/tests/handlers/views.py +++ b/tests/handlers/views.py @@ -3,6 +3,7 @@ from __future__ import unicode_literals from django.core.exceptions import SuspiciousOperation from django.db import connection, transaction from django.http import HttpResponse, StreamingHttpResponse +from django.views.decorators.csrf import csrf_exempt def regular(request): @@ -24,3 +25,9 @@ def not_in_transaction(request): def suspicious(request): raise SuspiciousOperation('dubious') + + +@csrf_exempt +def malformed_post(request): + request.POST + return HttpResponse() |