Merge pull request #2994 from jarek/werkzeug-640-exceptions-during-bind

Handle errors during create_url_adapter
2018-11-13 13:55:35 -05:00 · 2018-11-13 13:55:35 -05:00 · ca23b7b406
commit ca23b7b406
parent 339419117f a5709e7850
3 changed files with 65 additions and 2 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -12,8 +12,12 @@ Unreleased
 -   :meth:`flask.RequestContext.copy` includes the current session
    object in the request context copy. This prevents ``flask.session`` 
    pointing to an out-of-date object. (`#2935`)
 -   Using built-in RequestContext, unprintable Unicode characters in Host
    header will result in a HTTP 400 response and not HTTP 500 as previously.
    (`#2994`)
 .. _#2935: https://github.com/pallets/flask/issues/2935
 .. _#2994: https://github.com/pallets/flask/pull/2994
 Version 1.0.3
--- a/flask/ctx.py
+++ b/flask/ctx.py
@ -282,7 +282,11 @@ class RequestContext(object):
        if request is None:
            request = app.request_class(environ)
        self.request = request
-        self.url_adapter = app.create_url_adapter(self.request)
+        self.url_adapter = None
        try:
            self.url_adapter = app.create_url_adapter(self.request)
        except HTTPException as e:
            self.request.routing_exception = e
        self.flashes = None
        self.session = session
@ -305,7 +309,8 @@ class RequestContext(object):
        # functions.
        self._after_request_functions = []
-        self.match_request()
+        if self.url_adapter is not None:
            self.match_request()
    def _get_g(self):
        return _app_ctx_stack.top.g
--- a/tests/test_reqctx.py
+++ b/tests/test_reqctx.py
@ -229,3 +229,57 @@ def test_session_error_pops_context():
    assert response.status_code == 500
    assert not flask.request
    assert not flask.current_app
 def test_bad_environ_raises_bad_request():
    app = flask.Flask(__name__)
    # We cannot use app.test_client() for the Unicode-rich Host header,
    # because werkzeug enforces latin1 on Python 2.
    # However it works when actually passed to the server.
    from flask.testing import make_test_environ_builder
    builder = make_test_environ_builder(app)
    environ = builder.get_environ()
    # use a non-printable character in the Host - this is key to this test
    environ['HTTP_HOST'] = u'\x8a'
    with app.request_context(environ):
        response = app.full_dispatch_request()
    assert response.status_code == 400
 def test_environ_for_valid_idna_completes():
    app = flask.Flask(__name__)
    @app.route('/')
    def index():
        return 'Hello World!'
    # We cannot use app.test_client() for the Unicode-rich Host header,
    # because werkzeug enforces latin1 on Python 2.
    # However it works when actually passed to the server.
    from flask.testing import make_test_environ_builder
    builder = make_test_environ_builder(app)
    environ = builder.get_environ()
    # these characters are all IDNA-compatible
    environ['HTTP_HOST'] = u'ąśźäüжŠßя.com'
    with app.request_context(environ):
        response = app.full_dispatch_request()
    assert response.status_code == 200
 def test_normal_environ_completes():
    app = flask.Flask(__name__)
    @app.route('/')
    def index():
        return 'Hello World!'
    response = app.test_client().get('/', headers={'host': 'xn--on-0ia.com'})
    assert response.status_code == 200