#30737: Incorrectly encoded headers can yield uncaught UnicodeDecodeError
-----------------------------------------+------------------------
               Reporter:  Mark Gordon    |          Owner:  nobody
                   Type:  Bug            |         Status:  new
              Component:  Uncategorized  |        Version:  2.2
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  1
                  UI/UX:  0              |
-----------------------------------------+------------------------

 Sending a post with a Content-Type header that contains non-ascii characters will cause a UnicodeDecodeError to be raised and uncaught resulting in a 500 error rather than handling the issue and giving a 400 as would be appropriate.
 Make such an erroneous request with something like:

 {{{
 curl -d '' -H 'Content-Type: application/€' http://django-server/
 }}}

 Raises the below exception/stack trace

 {{{
 UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 12: ordinal not in range(128)
 (15 additional frame(s) were not displayed)
 ...
   File "rest_framework/request.py", line 427, in POST
     self._load_data_and_files()
   File "rest_framework/request.py", line 275, in _load_data_and_files
     self._data, self._files = self._parse()
   File "rest_framework/request.py", line 337, in _parse
     if media_type and is_form_media_type(media_type):
   File "rest_framework/request.py", line 32, in is_form_media_type
     base_media_type, params = parse_header(media_type.encode(HTTP_HEADER_ENCODING))
   File "django/http/multipartparser.py", line 652, in parse_header
     key = plist.pop(0).lower().decode('ascii')
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/30737>
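
The decode failure shown in the traceback and the 400 response the ticket asks for, as an added example that is not part of the ticket and is not Django's or REST framework's code. `parse_header_strict` and `content_type_status` are hypothetical names, the parser is a simplified stand-in for the one in the traceback, the value of `HTTP_HEADER_ENCODING` is an assumption, and the sample header is constructed.

```python
# Added example: hypothetical helpers, not Django's or REST framework's code.

# Assumption: the encoding used by the .encode() call in the traceback.
HTTP_HEADER_ENCODING = "iso-8859-1"

# Constructed sample: the UTF-8 bytes of "application/€" as a server that
# decodes header bytes as ISO-8859-1 would hand them to the application.
SAMPLE_BAD = "application/\u20ac".encode("utf-8").decode("iso-8859-1")


def parse_header_strict(line: bytes):
    """Split b'type/subtype; k=v' into (media_type, params), ASCII only.

    Reproduces the failing pattern from the traceback: .decode('ascii') on
    raw header bytes raises UnicodeDecodeError for any byte >= 0x80.
    """
    parts = [p.strip() for p in line.split(b";")]
    media_type = parts.pop(0).lower().decode("ascii")
    params = {}
    for part in parts:
        name, sep, value = part.partition(b"=")
        if sep:
            key = name.strip().lower().decode("ascii")
            params[key] = value.strip().strip(b'"')
    return media_type, params


def content_type_status(raw_header: str):
    """Return (status, media_type) for a Content-Type value as received.

    A malformed header is a client error, so the decode failure is mapped
    to 400 instead of escaping as an unhandled exception (a 500).
    """
    try:
        raw = raw_header.encode(HTTP_HEADER_ENCODING)
        media_type, _ = parse_header_strict(raw)
    except (UnicodeDecodeError, UnicodeEncodeError):
        return 400, None
    if "/" not in media_type:
        return 400, None
    return 200, media_type


if __name__ == "__main__":
    print(content_type_status("application/json; charset=utf-8"))
    print(content_type_status(SAMPLE_BAD))
```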