From 596520ba132d3c9798672d7dbaf56a5c3707f964 Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Tue, 3 Jun 2014 09:24:43 +0200
Subject: [PATCH] Implement workaround for django bug #15152 for badly encoded URLs

Hopefully this will stop the system spamming us..
---
 pgweb/settings.py | 1 +
 pgweb/util/middleware.py | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/pgweb/settings.py b/pgweb/settings.py
index 5b39fe3f..2125c443 100644
--- a/pgweb/settings.py
+++ b/pgweb/settings.py
@@ -58,6 +58,7 @@ TEMPLATE_LOADERS = (
 )
 MIDDLEWARE_CLASSES = [
+ 'util.middleware.RequestCheckMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
diff --git a/pgweb/util/middleware.py b/pgweb/util/middleware.py
index ba9f8545..1b0cbc2c 100644
--- a/pgweb/util/middleware.py
+++ b/pgweb/util/middleware.py
@@ -1,4 +1,4 @@
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse
 from django.conf import settings
 # Use thread local storage to pass the username down.
@@ -78,3 +78,17 @@ class PgMiddleware(object):
 return HttpResponseRedirect(redirect_to)
 else:
 return None
+
+
+
+# Protection middleware against badly encoded query strings.
+# We could probably block this in the webserver further out, but this
+# is a quick-fix. From django ticket #15152.
+class RequestCheckMiddleware(object):
+ def process_request(self, request):
+ try:
+ u'%s' % request.META.get('QUERY_STRING','')
+ except UnicodeDecodeError:
+ response = HttpResponse()
+ response.status_code = 400 #Bad Request
+ return response
--
2.39.5
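Review bot: The position of `'util.middleware.RequestCheckMiddleware'` at the head of `MIDDLEWARE_CLASSES` looks load-bearing, since the check presumably has to run before any middleware that reads the parsed query string, yet nothing in the settings file says so. A comment such as `# Must stay first: rejects undecodable query strings before other middleware reads them` would keep a later reorder from quietly disabling the check. The list continues outside the hunk, so the comment belongs directly above the new entry.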
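Review bot: The probe `u'%s' % request.META.get('QUERY_STRING','')` in `RequestCheckMiddleware.process_request` rejects more than the comment above the class describes. Assuming `request.META` holds Python 2 byte strings, the formatting step decodes with the default ASCII codec, so any raw non-ASCII byte in the query string gets a 400, including bytes that are valid UTF-8. That is a reasonable strict default for a request filter, but it should be stated, e.g. `# Implicit ASCII decode: any raw 8-bit byte in QUERY_STRING is rejected, valid UTF-8 included`. The response can be built with `return HttpResponseBadRequest()` from `django.http` instead of setting `status_code` by hand. The rejection leaves no trace at the application layer, so a short comment noting that these 400s are only visible in the web server's access log would help whoever later investigates a burst of them.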