Re: [Django] #35673: ExceptionReporter.get_traceback_data() does not handle when request.GET data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS (was: When URL has 1000+ query parameters, and DEBUG=True, Django does not generate the error page correctly)
4 views
Skip to first unread message
Django
Aug 13, 2024, 10:45:44 AM8/13/24
to django-...@googlegroups.com
#35673: ExceptionReporter.get_traceback_data() does not handle when request.GET
data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
---------------------------------+------------------------------------
Reporter: Pēteris Caune | Owner: (none)
Type: Bug | Status: new
Component: Error reporting | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by Sarah Boyce):
* stage: Unreviewed => Accepted
* summary:
When URL has 1000+ query parameters, and DEBUG=True, Django does not
generate the error page correctly
=>
ExceptionReporter.get_traceback_data() does not handle when
request.GET data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
Comment:
Thank you!
Here's a rough test
{{{#!diff
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -461,6 +461,12 @@ class DebugViewTests(SimpleTestCase):
response = self.client.get("/raises500/", headers={"accept":
"text/plain"})
self.assertContains(response, "Oh dear, an error occurred!",
status_code=500)
+ @override_settings(DATA_UPLOAD_MAX_NUMBER_FIELDS=1)
+ def test_max_number_of_fields_exceeded(self):
+ with self.assertLogs("django.security", "WARNING"):
+ response = self.client.get("", query_params={"a": [1, 2]})
+ self.assertContains(response, '<div class="context" id="',
status_code=400)
+
class DebugViewQueriesAllowedTests(SimpleTestCase):
# May need a query to initialize MySQL connection
diff --git a/tests/view_tests/views.py b/tests/view_tests/views.py
index 9eb7a352d6..f9fc2241a3 100644
--- a/tests/view_tests/views.py
+++ b/tests/view_tests/views.py
@@ -22,6 +22,7 @@ TEMPLATES_PATH = Path(__file__).resolve().parent /
"templates"
def index_page(request):
"""Dummy index page"""
+ request.GET.getlist("a")
return HttpResponse("<html><body>Dummy page</body></html>")
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35673#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
---------------------------------+------------------------------------
Reporter: Pēteris Caune | Owner: (none)
Type: Bug | Status: new
Component: Error reporting | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by Sarah Boyce):
* stage: Unreviewed => Accepted
* summary:
When URL has 1000+ query parameters, and DEBUG=True, Django does not
generate the error page correctly
=>
ExceptionReporter.get_traceback_data() does not handle when
request.GET data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
Comment:
Thank you!
Here's a rough test
{{{#!diff
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -461,6 +461,12 @@ class DebugViewTests(SimpleTestCase):
response = self.client.get("/raises500/", headers={"accept":
"text/plain"})
self.assertContains(response, "Oh dear, an error occurred!",
status_code=500)
+ @override_settings(DATA_UPLOAD_MAX_NUMBER_FIELDS=1)
+ def test_max_number_of_fields_exceeded(self):
+ with self.assertLogs("django.security", "WARNING"):
+ response = self.client.get("", query_params={"a": [1, 2]})
+ self.assertContains(response, '<div class="context" id="',
status_code=400)
+
class DebugViewQueriesAllowedTests(SimpleTestCase):
# May need a query to initialize MySQL connection
diff --git a/tests/view_tests/views.py b/tests/view_tests/views.py
index 9eb7a352d6..f9fc2241a3 100644
--- a/tests/view_tests/views.py
+++ b/tests/view_tests/views.py
@@ -22,6 +22,7 @@ TEMPLATES_PATH = Path(__file__).resolve().parent /
"templates"
def index_page(request):
"""Dummy index page"""
+ request.GET.getlist("a")
return HttpResponse("<html><body>Dummy page</body></html>")
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35673#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Reply all
Reply to author
Forward
0 new messages