)
MIDDLEWARE_CLASSES = [
+ 'util.middleware.RequestCheckMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
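Review bot: The position of `util.middleware.RequestCheckMiddleware` at the head of `MIDDLEWARE_CLASSES` is load-bearing, but nothing in the list records that. Request middleware runs in list order, so the guard only helps if it sees the request before any entry that reads the query string; which later entries do so is not visible from this hunk. A comment above the new line would keep a later reorder from silently disabling it, for example `# Keep first: rejects undecodable query strings before other middleware touches the request.`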
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse
from django.conf import settings
# Use thread local storage to pass the username down.
return HttpResponseRedirect(redirect_to)
else:
return None
+
+
+
+# Protection middleware against badly encoded query strings.
+# We could probably block this in the webserver further out, but this
+# is a quick-fix. From django ticket #15152.
+class RequestCheckMiddleware(object):
+ def process_request(self, request):
+ try:
+ u'%s' % request.META.get('QUERY_STRING','')
+ except UnicodeDecodeError:
+ response = HttpResponse()
+ response.status_code = 400 #Bad Request
+ return response
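Review bot: The 400 in `process_request` is returned with no log record, so requests that trip this guard leave nothing for anyone monitoring the application. A line such as `logger.warning('Rejected undecodable query string from %s', request.META.get('REMOTE_ADDR'))` before the return, using a module-level logger, would record the event without copying the raw bytes into the log. The header comment also understates the check: assuming Python 2 (the `u''` literal and `object` base suggest it), `u'%s' %` decodes with the ASCII codec, so any raw non-ASCII byte is rejected, valid UTF-8 included, and only `QUERY_STRING` is inspected, not the path or cookies. Separately, `return HttpResponseBadRequest()` from `django.http` would replace the three lines that build the response and set `status_code`.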