If JSON parsing fails it now issues a BadRequest exception.
This commit is contained in:
parent
acac64e36a
commit
ce70131975
4 changed files with 36 additions and 4 deletions
5
CHANGES
5
CHANGES
|
|
@ -14,7 +14,7 @@ Relase date to be decided, codename to be chosen.
|
||||||
- Empty session cookies are now deleted properly automatically.
|
- Empty session cookies are now deleted properly automatically.
|
||||||
- View functions can now opt out of getting the automatic
|
- View functions can now opt out of getting the automatic
|
||||||
OPTIONS implementation.
|
OPTIONS implementation.
|
||||||
- HTTP exceptions and Bad Request Key Errors can now be trapped so that they
|
- HTTP exceptions and Bad Request errors can now be trapped so that they
|
||||||
show up normally in the traceback.
|
show up normally in the traceback.
|
||||||
- Flask in debug mode is now detecting some common problems and tries to
|
- Flask in debug mode is now detecting some common problems and tries to
|
||||||
warn you about them.
|
warn you about them.
|
||||||
|
|
@ -23,6 +23,9 @@ Relase date to be decided, codename to be chosen.
|
||||||
feedback when users forget to import view code ahead of time.
|
feedback when users forget to import view code ahead of time.
|
||||||
- Added the ability to register callbacks that are only triggered once at
|
- Added the ability to register callbacks that are only triggered once at
|
||||||
the beginning of the first request. (:meth:`Flask.before_first_request`)
|
the beginning of the first request. (:meth:`Flask.before_first_request`)
|
||||||
|
- Malformed JSON data will now trigger a bad request HTTP exception instead
|
||||||
|
of a value error which usually would result in a 500 internal server
|
||||||
|
error if not handled. This is a backwards incompatible change.
|
||||||
|
|
||||||
Version 0.7.3
|
Version 0.7.3
|
||||||
-------------
|
-------------
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,13 @@ object. With that introduction we moved the implementation details for
|
||||||
the session system into a new module called :mod:`flask.sessions`. If you
|
the session system into a new module called :mod:`flask.sessions`. If you
|
||||||
used the previously undocumented session support we urge you to upgrade.
|
used the previously undocumented session support we urge you to upgrade.
|
||||||
|
|
||||||
|
If invalid JSON data was submitted Flask will now raise a
|
||||||
|
:exc:`~werkzeug.exceptions.BadRequest` exception instead of letting the
|
||||||
|
default :exc:`ValueError` bubble up. This has the advantage that you no
|
||||||
|
longer have to handle that error to avoid an internal server error showing
|
||||||
|
up for the user. If you were catching this down explicitly in the past
|
||||||
|
as `ValueError` you will need to change this.
|
||||||
|
|
||||||
Version 0.7
|
Version 0.7
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from werkzeug.wrappers import Request as RequestBase, Response as ResponseBase
|
from werkzeug.wrappers import Request as RequestBase, Response as ResponseBase
|
||||||
|
from werkzeug.exceptions import BadRequest
|
||||||
from werkzeug.utils import cached_property
|
from werkzeug.utils import cached_property
|
||||||
|
|
||||||
from .debughelpers import attach_enctype_error_multidict
|
from .debughelpers import attach_enctype_error_multidict
|
||||||
|
|
@ -96,9 +97,21 @@ class Request(RequestBase):
|
||||||
_assert_have_json()
|
_assert_have_json()
|
||||||
if self.mimetype == 'application/json':
|
if self.mimetype == 'application/json':
|
||||||
request_charset = self.mimetype_params.get('charset')
|
request_charset = self.mimetype_params.get('charset')
|
||||||
if request_charset is not None:
|
try:
|
||||||
return json.loads(self.data, encoding=request_charset)
|
if request_charset is not None:
|
||||||
return json.loads(self.data)
|
return json.loads(self.data, encoding=request_charset)
|
||||||
|
return json.loads(self.data)
|
||||||
|
except ValueError, e:
|
||||||
|
return self.on_json_loading_failed(e)
|
||||||
|
|
||||||
|
def on_json_loading_failed(self, e):
|
||||||
|
"""Called if decoding of the JSON data failed. The return value of
|
||||||
|
this method is used by :attr:`json` when an error ocurred. The
|
||||||
|
default implementation raises a :class:`~werkzeug.exceptions.BadRequest`.
|
||||||
|
|
||||||
|
.. versionadded:: 0.8
|
||||||
|
"""
|
||||||
|
raise BadRequest()
|
||||||
|
|
||||||
def _load_form_data(self):
|
def _load_form_data(self):
|
||||||
RequestBase._load_form_data(self)
|
RequestBase._load_form_data(self)
|
||||||
|
|
|
||||||
|
|
@ -984,6 +984,15 @@ class BasicFunctionalityTestCase(unittest.TestCase):
|
||||||
|
|
||||||
class JSONTestCase(unittest.TestCase):
|
class JSONTestCase(unittest.TestCase):
|
||||||
|
|
||||||
|
def test_json_bad_requests(self):
|
||||||
|
app = flask.Flask(__name__)
|
||||||
|
@app.route('/json', methods=['POST'])
|
||||||
|
def return_json():
|
||||||
|
return unicode(flask.request.json)
|
||||||
|
c = app.test_client()
|
||||||
|
rv = c.post('/json', data='malformed', content_type='application/json')
|
||||||
|
self.assertEqual(rv.status_code, 400)
|
||||||
|
|
||||||
def test_json_body_encoding(self):
|
def test_json_body_encoding(self):
|
||||||
app = flask.Flask(__name__)
|
app = flask.Flask(__name__)
|
||||||
app.testing = True
|
app.testing = True
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue