VladPolskiy/postgres-web
1
0
Fork 0
mirror of https://github.com/postgres/pgweb.git synced 2025-08-09 03:54:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement workaround for django bug #15152 for badly encoded URLs

Browse Source 
Hopefully this will stop the system spamming us..
This commit is contained in:
Magnus Hagander
2014-06-03 09:24:43 +02:00
parent 8c4898e988
commit 596520ba13
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pgweb/settings.py
View File

@ -58,6 +58,7 @@ TEMPLATE_LOADERS = (
) )
MIDDLEWARE_CLASSES = [ MIDDLEWARE_CLASSES = [
'util.middleware.RequestCheckMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',

16
pgweb/util/middleware.py
View File

@ -1,4 +1,4 @@
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect, HttpResponse
from django.conf import settings from django.conf import settings
# Use thread local storage to pass the username down. # Use thread local storage to pass the username down.
@ -78,3 +78,17 @@ class PgMiddleware(object):
return HttpResponseRedirect(redirect_to) return HttpResponseRedirect(redirect_to)
else: else:
return None return None
# Protection middleware against badly encoded query strings.
# We could probably block this in the webserver further out, but this
# is a quick-fix. From django ticket #15152.
class RequestCheckMiddleware(object):
def process_request(self, request):
try:
u'%s' % request.META.get('QUERY_STRING','')
except UnicodeDecodeError:
response = HttpResponse()
response.status_code = 400 #Bad Request
return response