Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[wsgi] If multipart cannot parse the POST content, let it pass.
authorChristophe de Vienne <christophe@unlish.com>
Mon, 15 Sep 2014 17:23:22 +0200
changeset 9995 c9f1111e0ee8
parent 9994 12a97d1c6015
child 9996 65bb21409292
[wsgi] If multipart cannot parse the POST content, let it pass. multipart can only parse html form data. It the content_type is, for example, "application/json", get_posted_data should not fail but just stop trying to read the content. Closes #4421845
wsgi/request.py file | annotate | diff | comparison | revisions
wsgi/test/unittest_wsgi.py file | annotate | diff | comparison | revisions 
--- a/wsgi/request.py	Mon Sep 01 14:56:00 2014 +0200
+++ b/wsgi/request.py	Mon Sep 15 17:23:22 2014 +0200
@@ -32,7 +32,9 @@
 from urlparse import parse_qs
 from warnings import warn
 
-from cubicweb.multipart import copy_file, parse_form_data
+from cubicweb.multipart import (
+    copy_file, parse_form_data, MultipartError, parse_options_header)
+from cubicweb.web import RequestError
 from cubicweb.web.request import CubicWebRequestBase
 from cubicweb.wsgi import pformat, normalize_header
 
@@ -148,9 +150,18 @@
         post = parse_qs(self.environ.get('QUERY_STRING', ''))
         files = None
         if self.method == 'POST':
-            forms, files = parse_form_data(self.environ, strict=True,
-                                           mem_limit=self.vreg.config['max-post-length'])
-            post.update(forms.dict)
+            content_type = self.environ.get('CONTENT_TYPE')
+            if not content_type:
+                raise RequestError("Missing Content-Type")
+            content_type, options = parse_options_header(content_type)
+            if content_type in (
+                    'multipart/form-data',
+                    'application/x-www-form-urlencoded',
+                    'application/x-url-encoded'):
+                forms, files = parse_form_data(
+                    self.environ, strict=True,
+                    mem_limit=self.vreg.config['max-post-length'])
+                post.update(forms.dict)
         self.content.seek(0, 0)
         return post, files
 
--- a/wsgi/test/unittest_wsgi.py	Mon Sep 01 14:56:00 2014 +0200
+++ b/wsgi/test/unittest_wsgi.py	Mon Sep 15 17:23:22 2014 +0200
@@ -6,6 +6,7 @@
 from cubicweb.devtools.webtest import CubicWebTestTC
 
 from cubicweb.wsgi.request import CubicWebWsgiRequest
+from cubicweb.multipart import MultipartError
 
 
 class WSGIAppTC(CubicWebTestTC):
@@ -66,6 +67,19 @@
             '/',
             params={'__login': self.admlogin, '__password': self.admpassword})
 
+    def test_post_bad_form(self):
+        with self.assertRaises(MultipartError):
+            self.webapp.post(
+                '/',
+                params='badcontent',
+                headers={'Content-Type': 'multipart/form-data'})
+
+    def test_post_non_form(self):
+        self.webapp.post(
+            '/',
+            params='{}',
+            headers={'Content-Type': 'application/json'})
+
     def test_get_multiple_variables(self):
         r = webtest.app.TestRequest.blank('/?arg=1&arg=2')
         req = CubicWebWsgiRequest(r.environ, self.vreg)
cubicweb