[Django] #23638: Django raises exceptions on unicode in cookies/headers
Django
-------------------------------+--------------------
Reporter: defcube | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
I'm am cleaning up my random errors on `conjurorthegame.com`, and this one
has me stumped. Should I build a custom error emailer that ignores these,
or is it something django should fix?
{{{
Internal Server Error: /join1/
Traceback (most recent call last):
File "/home/exotic/.pyenv/versions/3.4.1/lib/python3.4/site-
packages/django/core/handlers/base.py", line 87, in get_response
response = middleware_method(request)
File "/home/exotic/.pyenv/versions/3.4.1/lib/python3.4/site-
packages/django/contrib/sessions/middleware.py", line 15, in
process_request
session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
File "/home/exotic/.pyenv/versions/3.4.1/lib/python3.4/site-
packages/django/utils/functional.py", line 55, in __get__
res = instance.__dict__[self.func.__name__] = self.func(instance)
File "/home/exotic/.pyenv/versions/3.4.1/lib/python3.4/site-
packages/django/core/handlers/wsgi.py", line 143, in COOKIES
raw_cookie = get_str_from_wsgi(self.environ, 'HTTP_COOKIE', '')
File "/home/exotic/.pyenv/versions/3.4.1/lib/python3.4/site-
packages/django/core/handlers/wsgi.py", line 262, in get_str_from_wsgi
return value if six.PY2 else value.encode(ISO_8859_1).decode(UTF_8)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe7 in position 33:
invalid continuation byte
}}}
Unparsed cookies.
{{{
Request repr():
<WSGIRequest
path:/join1/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:<could not parse>,
META:{'CONTENT_LENGTH': '',
'CONTENT_TYPE': '',
'DOCUMENT_ROOT': '/usr/local/nginx/html',
'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
'HTTP_ACCEPT_LANGUAGE': 'it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE':
'csrftoken=89uzZHmJ9ALZXxSTvVnEueCçWÈ\x03Ç\x9c(êh]Û\x8eÉ÷\x89&Æ/\x19á\x0f\t'
'*£\x15Îè×MJ\x0e.1412634272',
. . .
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23638>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* needs_better_patch: => 0
* component: Uncategorized => HTTP handling
* needs_tests: => 0
* needs_docs: => 0
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
Your cookie content seems really garbage, it's unlikely that Django
produced it.
Anyway, Django should not crash. I'll suggest a patch to fix this.
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:1>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* has_patch: 0 => 1
Comment:
https://github.com/django/django/pull/3348
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:2>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution:
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:3>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 1.7
Keywords: | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"59d487e7fc02980e76dad053dd989c8b4899444f"]:
{{{
#!CommitTicketReference repository=""
revision="59d487e7fc02980e76dad053dd989c8b4899444f"
Fixed #23638 -- Prevented crash while parsing invalid cookie content
Thanks Philip Gatt for the report and Tim Graham for the review.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:4>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Claude Paroz <claude@…>):
In [changeset:"6398ebab93a6a19afd1aee9cef120f052a801717"]:
{{{
#!CommitTicketReference repository=""
revision="6398ebab93a6a19afd1aee9cef120f052a801717"
[1.7.x] Fixed #23638 -- Prevented crash while parsing invalid cookie
content
Thanks Philip Gatt for the report and Tim Graham for the review.
Backport of 59d487e7fc from master.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:5>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Old description:
New description:
I'm am cleaning up my random errors, and this one has me stumped. Should I
--
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:6>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Claude Paroz <claude@…>):
In [changeset:"7131efa154a3e4dd0121503578fa6ca676366431"]:
{{{
#!CommitTicketReference repository=""
revision="7131efa154a3e4dd0121503578fa6ca676366431"
Adapted invalid cookie test to all Python versions
Refs #23638. Older Python versions are less strict when parsing
invalid cookie content. The test just has to ensure Django doesn't
crash.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:7>
Django
Reporter: defcube | Owner: nobody
Type: Bug | Status: closed
Component: HTTP handling | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Claude Paroz <claude@…>):
In [changeset:"555952c3e6fd0f4041ea7012d216641f6ffafe5b"]:
{{{
#!CommitTicketReference repository=""
revision="555952c3e6fd0f4041ea7012d216641f6ffafe5b"
[1.7.x] Adapted invalid cookie test to all Python versions
Refs #23638. Older Python versions are less strict when parsing
invalid cookie content. The test just has to ensure Django doesn't
crash.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23638#comment:8>