From 9d8db8e4cab03863873ebf598ededa4459f2e002 Mon Sep 17 00:00:00 2001 From: "Dave St.Germain" Date: Mon, 19 Aug 2019 15:10:56 -0400 Subject: [PATCH] Convert to utf-8 before JSON decoding --- cms/djangoapps/contentstore/views/assets.py | 2 +- cms/djangoapps/contentstore/views/certificates.py | 2 +- common/djangoapps/util/json_request.py | 2 +- lms/djangoapps/ccx/views.py | 2 +- lms/djangoapps/courseware/views/views.py | 2 +- lms/djangoapps/edxnotes/views.py | 2 +- openedx/core/djangoapps/lang_pref/views.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cms/djangoapps/contentstore/views/assets.py b/cms/djangoapps/contentstore/views/assets.py index 8a8780f41a..c914063283 100644 --- a/cms/djangoapps/contentstore/views/assets.py +++ b/cms/djangoapps/contentstore/views/assets.py @@ -538,7 +538,7 @@ def _update_asset(request, course_key, asset_key): # update existing asset try: - modified_asset = json.loads(request.body) + modified_asset = json.loads(request.body.decode('utf8')) except ValueError: return HttpResponseBadRequest() contentstore().set_attr(asset_key, 'locked', modified_asset['locked']) diff --git a/cms/djangoapps/contentstore/views/certificates.py b/cms/djangoapps/contentstore/views/certificates.py index a47af6ec8f..69a208c8b9 100644 --- a/cms/djangoapps/contentstore/views/certificates.py +++ b/cms/djangoapps/contentstore/views/certificates.py @@ -349,7 +349,7 @@ def certificate_activation_handler(request, course_key_string): msg = _(u'PermissionDenied: Failed in authenticating {user}').format(user=request.user) return JsonResponse({"error": msg}, status=403) - data = json.loads(request.body) + data = json.loads(request.body.decode('utf8')) is_active = data.get('is_active', False) certificates = CertificateManager.get_certificates(course) diff --git a/common/djangoapps/util/json_request.py b/common/djangoapps/util/json_request.py index a5badd3bb7..2b001ed9e3 100644 --- a/common/djangoapps/util/json_request.py 
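Review bot: In `_update_asset` (cms/djangoapps/contentstore/views/assets.py) the `except ValueError` covers only the parse, so a body that is valid JSON but not an object with a `locked` key raises `KeyError` or `TypeError` at `modified_asset['locked']` on the line after the handler. That surfaces as a server error rather than a 400. Consider reading the key inside the `try` and widening the handler to `except (ValueError, KeyError, TypeError):`. The value also reaches `set_attr` with no type check; if `locked` is meant to be boolean, an `isinstance(..., bool)` test before the write would keep arbitrary JSON values out of the content store. The function starts above the hunk and may continue below it.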
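Review bot: The parse in `certificate_activation_handler` (cms/djangoapps/contentstore/views/certificates.py) has no `try` visible around it in the hunk, so a body that is not valid UTF-8 or not valid JSON would raise out of the view. `_update_asset` and `expect_json` in this same patch return a 400 for that case. `UnicodeDecodeError` is a subclass of `ValueError`, so wrapping the line in `try:` / `except ValueError:` and returning `JsonResponse({"error": ...}, status=400)` covers both the decode and the parse. The same applies to `save_ccx` in lms/djangoapps/ccx/views.py and `update_session_language` in openedx/core/djangoapps/lang_pref/views.py. `data.get` also assumes the decoded value is a dict; a JSON list or string would raise `AttributeError`.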
+++ b/common/djangoapps/util/json_request.py @@ -46,7 +46,7 @@ def expect_json(view_function): # e.g. 'charset', so we can't do a direct string compare if "application/json" in request.META.get('CONTENT_TYPE', '') and request.body: try: - request.json = json.loads(request.body) + request.json = json.loads(request.body.decode('utf8')) except ValueError: return JsonResponseBadRequest({"error": "Invalid JSON"}) else: diff --git a/lms/djangoapps/ccx/views.py b/lms/djangoapps/ccx/views.py index b9144839ec..c7b3e17885 100644 --- a/lms/djangoapps/ccx/views.py +++ b/lms/djangoapps/ccx/views.py @@ -313,7 +313,7 @@ def save_ccx(request, course, ccx=None): return earliest, ccx_ids_to_delete graded = {} - earliest, ccx_ids_to_delete = override_fields(course, json.loads(request.body), graded, []) + earliest, ccx_ids_to_delete = override_fields(course, json.loads(request.body.decode('utf8')), graded, []) bulk_delete_ccx_override_fields(ccx, ccx_ids_to_delete) if earliest: override_field_for_ccx(ccx, course, 'start', earliest) diff --git a/lms/djangoapps/courseware/views/views.py b/lms/djangoapps/courseware/views/views.py index 43898fa28c..c6fe2f06d8 100644 --- a/lms/djangoapps/courseware/views/views.py +++ b/lms/djangoapps/courseware/views/views.py @@ -1633,7 +1633,7 @@ def financial_assistance(_request): def financial_assistance_request(request): """Submit a request for financial assistance to Zendesk.""" try: - data = json.loads(request.body) + data = json.loads(request.body.decode('utf8')) # Simple sanity check that the session belongs to the user # submitting an FA request username = data['username'] diff --git a/lms/djangoapps/edxnotes/views.py b/lms/djangoapps/edxnotes/views.py index 0704af26b9..6833f19be4 100644 --- a/lms/djangoapps/edxnotes/views.py +++ b/lms/djangoapps/edxnotes/views.py 
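Review bot: The explicit `.decode('utf8')` in `expect_json` narrows what the decorator accepts, and nothing in the code says so. On Python 3.6+ `json.loads` given bytes auto-detects UTF-8, UTF-16 and UTF-32, whereas a UTF-16 body now fails and is reported as "Invalid JSON". That is a reasonable restriction, since RFC 8259 requires UTF-8, but the existing comment notes that CONTENT_TYPE can carry a `charset` parameter. A short comment such as `# JSON is UTF-8 by spec; any charset parameter is deliberately ignored` above the `json.loads` line would make the choice explicit. The decorator body starts and ends outside the hunk.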
@@ -205,7 +205,7 @@ def edxnotes_visibility(request, course_id): raise Http404 try: - visibility = json.loads(request.body)["visibility"] + visibility = json.loads(request.body.decode('utf8'))["visibility"] course_module.edxnotes_visibility = visibility course_module.save() return JsonResponse(status=200) diff --git a/openedx/core/djangoapps/lang_pref/views.py b/openedx/core/djangoapps/lang_pref/views.py index 95127e9103..d1196d48e5 100644 --- a/openedx/core/djangoapps/lang_pref/views.py +++ b/openedx/core/djangoapps/lang_pref/views.py @@ -22,7 +22,7 @@ def update_session_language(request): """ response = HttpResponse(200) if request.method == 'PATCH': - data = json.loads(request.body) + data = json.loads(request.body.decode('utf8')) language = data.get(LANGUAGE_KEY, settings.LANGUAGE_CODE) if request.session.get(LANGUAGE_SESSION_KEY, None) != language: request.session[LANGUAGE_SESSION_KEY] = six.text_type(language)
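Review bot: In `edxnotes_visibility` the value read from `["visibility"]` is assigned to `course_module.edxnotes_visibility` and saved with no check of its type. Any JSON value a client sends (string, list, nested object) is therefore persisted unless the field itself coerces or rejects it. If the flag is meant to be boolean, add `if not isinstance(visibility, bool):` and return a 400 before the assignment. The `except` clause for this `try` is outside the hunk, so whether a missing key or a non-object body is handled cannot be confirmed from here.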
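Review bot: In `update_session_language` the client-supplied `language` is written to `request.session[LANGUAGE_SESSION_KEY]` after only `six.text_type()`, with no check that it is a language code the site supports or that it is of bounded size. Validating it first, for example `if language not in dict(settings.LANGUAGES): language = settings.LANGUAGE_CODE`, would keep arbitrary request data out of session storage; the exact allow-list to use depends on how this project configures languages. The function starts above the hunk and may continue past the session assignment.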