#10819: Do not limit input data in multipartparser by content-length (in 
parse())
----------------------------------+-----------------------------------------
 Reporter:  asta...@berkeley.edu  |       Owner:  nobody    
   Status:  new                   |   Milestone:            
Component:  HTTP handling         |     Version:  1.0       
 Keywords:                        |       Stage:  Unreviewed
Has_patch:  0                     |  
----------------------------------+-----------------------------------------
 Currently, Django's multipart parser attempts to constrain the input
 stream by the content_length provided in the input request.

 This is incorrect behavior; Content-Length only represents the post-
 processed message body and should NOT be used at this level (where unknown
 processing may have been done by middleware or apache sites).  See RFC
 2616 Section 14.13 for more detail:
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

 A specific example of where this errors is when the client submits gzip'd
 requests.  mod_deflate will uncompress it, but it (correctly) does not
 change content_length; consequently, the multipart parser truncates the
 decompressed data.  See
 http://httpd.apache.org/docs/2.0/mod/mod_deflate.html  for more detail (If
 you evaluate the request body yourself, don't trust the Content-Length
 header!  The Content-Length header reflects the length of the incoming
 data from the client and not the byte count of the decompressed data
 stream.)

 See http://issues.apache.org/jira/browse/XMLRPC-153 for a good discussion
 on this.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/10819>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
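
The truncation described in the ticket, reproduced as an added example (not part of the ticket and not Django's code) with a constructed gzip'd multipart body. The function names, the boundary string and the `max_bytes` cap are assumptions for illustration; the cap shows a size limit counting the bytes actually delivered rather than the header value.

```python
import gzip
import io

BOUNDARY = b"constructed-boundary"  # constructed sample value


def build_multipart(field, value):
    """Constructed single-field multipart/form-data body."""
    return (b"--" + BOUNDARY + b"\r\n"
            b'Content-Disposition: form-data; name="' + field + b'"\r\n\r\n'
            + value + b"\r\n--" + BOUNDARY + b"--\r\n")


def is_complete(body):
    """A multipart body is complete only if the closing delimiter is present."""
    return body.rstrip().endswith(b"--" + BOUNDARY + b"--")


def read_limited_by_header(stream, content_length):
    """Behaviour the ticket describes: stop after Content-Length bytes."""
    return stream.read(content_length)


def read_to_eof(stream, max_bytes, chunk_size=4096):
    """Read until EOF, enforcing a cap on delivered bytes (assumed limit)."""
    out = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(out)
        out += chunk
        if len(out) > max_bytes:
            raise ValueError("request body exceeds max_bytes")


def simulate():
    plain = build_multipart(b"comment", b"A" * 5000)
    wire = gzip.compress(plain)     # what the client sends
    content_length = len(wire)      # header describes the wire bytes
    # A decompressing front end (mod_deflate in the ticket) hands the
    # application the decompressed stream with the header unchanged.
    truncated = read_limited_by_header(io.BytesIO(plain), content_length)
    full = read_to_eof(io.BytesIO(plain), max_bytes=1 << 20)
    return content_length, plain, truncated, full


if __name__ == "__main__":
    cl, plain, truncated, full = simulate()
    print(cl, len(plain), is_complete(truncated), is_complete(full))
```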