[Django] #27153: HttpResponseBase should check for valid HTTP status code
Django
--------------------------------------+--------------------
Reporter: ryangallen | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.10
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Easy pickings: 1 | UI/UX: 0
--------------------------------------+--------------------
Currently, the HttpResponseBase class does not check for Type or Value
Error on the HTTP status code. If a bad value such as a string is passed
it, an exception is not thrown until it reaches:
{{{
File "django/http/utils.py", line 17, in conditional_content_removal
if 100 <= response.status_code < 200 or response.status_code in (204,
304):
TypeError: unorderable types: int() <= str()
}}}
Proposed fix:
- Valid status values in the form of a string should be coerced to an
integer if possible.
- Integer values less than 100 or greater than 599 should also be rejected
based on [https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html W3C
Status Code Definitions RFC 2612]
--
Ticket URL: <https://code.djangoproject.com/ticket/27153>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: ryangallen | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: HTTP handling | Version: 1.10
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by ryangallen):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
Github PR: https://github.com/django/django/pull/7165
--
Ticket URL: <https://code.djangoproject.com/ticket/27153#comment:1>
Django
Reporter: ryangallen | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.10
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timgraham):
* needs_better_patch: 0 => 1
* easy: 1 => 0
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/27153#comment:2>
Django
Reporter: ryangallen | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: HTTP handling | Version: 1.10
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/27153#comment:3>
Django
Reporter: ryangallen | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.10
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"190d2ff4a7a392adfe0b12552bd71871791d87aa" 190d2ff4]:
{{{
#!CommitTicketReference repository=""
revision="190d2ff4a7a392adfe0b12552bd71871791d87aa"
Fixed #27153 -- Added validation for HttpResponse status.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/27153#comment:4>