[Django] #21282: The serialize_headers method of HttpResponse fails to handle latin1-compatible values

Thu, 17 Oct 2013 03:06:38 -0700 

#21282: The serialize_headers method of HttpResponse fails to handle
latin1-compatible values
-------------------------------+----------------------------------
     Reporter:  xelnor         |      Owner:  nobody
         Type:  Bug            |     Status:  new
    Component:  HTTP handling  |    Version:  1.4
     Severity:  Normal         |   Keywords:  http header encoding
 Triage Stage:  Unreviewed     |  Has patch:  1
Easy pickings:  0              |      UI/UX:  0
-------------------------------+----------------------------------
 If a header value (passed as unicode) contains only ascii data,
 `serialize_headers()` doesn't fail
 If it contains characters that can't be encoded in latin1,
 `serialize_headers()` doesn't fail
 If it contains only characters valid in latin1, including some outside the
 ascii range, `serialize_headers()` fails with a `UnicodeDecodeError`.

 The culprit seems to lie on line 132 of `django/http/response.py`: that
 line calls `('%s: %s' % (key, value)).encode('us-ascii')`, but at this
 point, key is ascii bytes and value is a bytes array containing either
 latin1-encoded text or mime-encoded utf8 text.

 Since we're using `unicode_literals`, Python tries
 `value.decode('ascii')`, which fails if, and only if, value contains
 latin1 characters outside the ascii range.

 I have attached a patch containing both a test exhibiting the issue and a
 patch fixing it (no test failure).

 Note: This is not a release blocker, since the `serialize_headers()` and
 its callers (`serialize()` and `__str__()`) aren't used while answering
 requests.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/21282>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/049.699d868ba0b74fad68a42da743fc2e78%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to