#35673: ExceptionReporter.get_traceback_data() does not handle when request.GET
data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
---------------------------------+------------------------------------
Reporter: Pēteris Caune | Owner: (none)
Type: Bug | Status: new
Component: Error reporting | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Changes (by Sarah Boyce):
* stage: Unreviewed => Accepted
* summary:
When URL has 1000+ query parameters, and DEBUG=True, Django does not
generate the error page correctly
=>
ExceptionReporter.get_traceback_data() does not handle when
request.GET data exceeds DATA_UPLOAD_MAX_NUMBER_FIELDS
Comment:
Thank you!
Here's a rough test
{{{#!diff
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -461,6 +461,12 @@ class DebugViewTests(SimpleTestCase):
response = self.client.get("/raises500/", headers={"accept":
"text/plain"})
self.assertContains(response, "Oh dear, an error occurred!",
status_code=500)
+ @override_settings(DATA_UPLOAD_MAX_NUMBER_FIELDS=1)
+ def test_max_number_of_fields_exceeded(self):
+ with self.assertLogs("django.security", "WARNING"):
+ response = self.client.get("", query_params={"a": [1, 2]})
+ self.assertContains(response, '<div class="context" id="',
status_code=400)
+
class DebugViewQueriesAllowedTests(SimpleTestCase):
# May need a query to initialize MySQL connection
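Review bot: In test_max_number_of_fields_exceeded, self.assertLogs("django.security", "WARNING") is satisfied by any warning logged under that logger, so the test does not tie the failure to the field limit set by the override; bind the context manager (as cm) and assert on the captured record's message. The test also has no docstring or comment saying why the '<div class="context" id="' fragment with status 400 is the expected result, and it relies on the view behind "" reading request.GET, which is only set up by the views.py change in this patch. A one-line comment naming that dependency, or a dedicated URL and view for this case, would make the test readable on its own.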
diff --git a/tests/view_tests/views.py b/tests/view_tests/views.py
index 9eb7a352d6..f9fc2241a3 100644
--- a/tests/view_tests/views.py
+++ b/tests/view_tests/views.py
@@ -22,6 +22,7 @@ TEMPLATES_PATH = Path(__file__).resolve().parent /
"templates"
def index_page(request):
"""Dummy index page"""
+ request.GET.getlist("a")
return HttpResponse("<html><body>Dummy page</body></html>")
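Review bot: The added request.GET.getlist("a") in index_page discards its result and has no comment, so it reads as dead code and could be removed later without anyone noticing that the new test depends on it. index_page is documented as a dummy index page, so every test that requests it now parses the query string as a side effect. Consider a separate view for the new test, or at least a comment stating that the call exists to force evaluation of request.GET.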
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35673#comment:1>