[Django] #30227: POST "multipart/form-data" without "boundary" causes AttributeError

Thu, 28 Feb 2019 23:52:07 -0800 

#30227: POST "multipart/form-data" without "boundary" causes AttributeError
-------------------------------------+-------------------------------------
               Reporter:             |          Owner:  nobody
  chenzhuoyu                         |
                   Type:  Bug        |         Status:  new
              Component:  HTTP       |        Version:  2.1
  handling                           |
               Severity:  Normal     |       Keywords:  multipart, boundary
           Triage Stage:             |      Has patch:  0
  Unreviewed                         |
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 `curl -sv http://example.com/my_api/ -XPOST -H 'Content-Type: multipart
 /form-data'`

 This causes an "500 Internal Server Error", which is supposed to be "400
 Bad Request".

 Traceback with sensitive information removed:

 {{{
 Traceback (most recent call last):
   ...
   File ".../site-packages/django/core/handlers/wsgi.py", line 111, in
 _get_post
     self._load_post_and_files()
   File ".../site-packages/django/http/request.py", line 310, in
 _load_post_and_files
     self._post, self._files = self.parse_file_upload(self.META, data)
   File ".../site-packages/django/http/request.py", line 268, in
 parse_file_upload
     parser = MultiPartParser(META, post_data, self.upload_handlers,
 self.encoding)
   File ".../site-packages/django/http/multipartparser.py", line 72, in
 __init__
     raise MultiPartParserError('Invalid boundary in multipart: %s' %
 boundary.decode())
 AttributeError: 'NoneType' object has no attribute 'decode'
 }}}

 Possible fix:

 Replace `boundary.decode()` at `django/http/multipartparser.py:72` with
 `force_text(boundary, errors="replace")`

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30227>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/053.cf3b2c87b52a8bca2990922ea810bdf9%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to