Django

Code

Ticket #1201 (assigned)

Opened 3 years ago

Last modified 6 months ago

query string parsing problem

Reported by: Eric Moritz Assigned to: foobarmus (accepted)
Milestone: Component: Core framework
Version: Keywords:
Cc: Triage Stage: Accepted
Has patch: 1 Needs documentation: 0
Needs tests: 1 Patch needs improvement: 1

Description

If you use Django with a python version older than 2.4, the cgi.parse_qsl function incorrectly parses query strings. If a query string consists of "?print" the variable is ignored. I fixed this by yanking the pares_qsl function out of a 2.4 version of the cgi module and putting it in django/utils/future_cgi.py and use it instead of the parse_qsl function provided by python. This is only evident when Django is not used with mod_python.

If we want Django to work properly with python 2.3 we may want to include this work around.

Attachments

1201.diff (6.6 kB) - added by arien <regexbot@gmail.com> on 11/11/07 08:04:23.

Change History

01/14/06 18:39:32 changed by adrian

Hey Eric, could you provide the patch?

01/19/07 04:56:04 changed by Simon G. <dev@simon.net.nz>

  • stage changed from Unreviewed to Design decision needed.

03/10/07 04:13:35 changed by mtredinnick

  • stage changed from Design decision needed to Accepted.

This is a real bug (in Python 2.3). We should be using our own version of parse_qs for 2.3, as Eric suggests. The specific thing about the query string he mentions is that it's not of the form "?name=value", it's just "?name", which is still valid.

11/11/07 08:04:23 changed by arien <regexbot@gmail.com>

  • attachment 1201.diff added.

11/11/07 08:13:12 changed by arien <regexbot@gmail.com>

  • has_patch set to 1.

The attached patch makes it so that parse_qs, parse_qsl, and parse_header from Python 2.5.1 are used. (I simply copied them and added the required import.)

I also took the liberty of adding keep_blank_values=True for django.core.cache.get_cache and django.utils.simplejson.jsonfilter.JSONFilter.

The bugfixes for the functions parse_qsl and parse_header are included in Python 2.3.5 and up (see the comment in django.utils._cgi).

11/11/07 08:37:00 changed by arien <regexbot@gmail.com>

The functions in django.utils._cgi should of course include "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Python Software Foundation; All Rights Reserved" and maybe the History comment block from the original cgi.py. Including that somehow escaped me... :-(

12/01/07 02:32:48 changed by foobarmus

  • owner changed from nobody to foobarmus.
  • status changed from new to assigned.

02/21/08 15:44:50 changed by SmileyChris

  • stage changed from Accepted to Design decision needed.

Is it good enough to always use our version? Malcolm had said we should "use our version for 2.3" which I read as "only use our version for <2.4"

02/21/08 15:48:43 changed by mtredinnick

Our normal practice is to use Python's native version when it's sufficient. Providing the API we use is the same (which is why this rule doesn't apply to _doctest.py, for example), I think that should be the case here, too. Put the Django replacement in a compat file in django/utils and load that only if required. We might as well take advantage of all upstream fixes for more recent Python versions.

02/21/08 16:09:03 changed by SmileyChris

  • needs_better_patch set to 1.
  • stage changed from Design decision needed to Accepted.

07/13/08 12:48:29 changed by adrian

  • needs_tests set to 1.

Add/Change #1201 (query string parsing problem)




Change Properties
Action