From c86cbe466c549ef605e5525eaf2592267aa0735d Mon Sep 17 00:00:00 2001 From: Mat Peterson Date: Tue, 17 Jun 2014 14:53:17 +0000 Subject: [PATCH] 404 error for unwanted unicode in url LMS-2488 --- lms/djangoapps/courseware/tests/test_views.py | 16 ++++++++++++++++ lms/djangoapps/courseware/views.py | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/lms/djangoapps/courseware/tests/test_views.py b/lms/djangoapps/courseware/tests/test_views.py index 778da787b5..7cba9efdcb 100644 --- a/lms/djangoapps/courseware/tests/test_views.py +++ b/lms/djangoapps/courseware/tests/test_views.py @@ -158,6 +158,22 @@ class ViewsTestCase(TestCase): response = self.client.get(request_url) self.assertEqual(response.status_code, 404) + def test_unicode_handling_in_url(self): + url_parts = [ + '/courses', + self.course.id.to_deprecated_string(), + self.chapter.location.name, + self.section.location.name, + '1' + ] + + for idx, val in enumerate(url_parts): + url_parts_copy = url_parts[:] + url_parts_copy[idx] = val + u'χ' + request_url = '/'.join(url_parts_copy) + response = self.client.get(request_url) + self.assertEqual(response.status_code, 404) + def test_registered_for_course(self): self.assertFalse(views.registered_for_course('Basketweaving', None)) mock_user = MagicMock() diff --git a/lms/djangoapps/courseware/views.py b/lms/djangoapps/courseware/views.py index 208bcf5380..ce9a9d15a5 100644 --- a/lms/djangoapps/courseware/views.py +++ b/lms/djangoapps/courseware/views.py @@ -404,6 +404,12 @@ def index(request, course_id, chapter=None, section=None, result = render_to_response('courseware/courseware.html', context) except Exception as e: + + # Doesn't bar Unicode characters from URL, but if Unicode characters do + # cause an error it is a graceful failure. + if isinstance(e, UnicodeEncodeError): + raise Http404("URL contains Unicode characters") + if isinstance(e, Http404): # let it propagate raise