From 101fd29039dc17df3ad317580cf4bcf5ba1c1c03 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 15 Aug 2016 16:53:17 +0100 Subject: [PATCH] Do not include uploads in request.POST (#4407) --- rest_framework/request.py | 2 +- tests/test_request.py | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/rest_framework/request.py b/rest_framework/request.py index aafafcb32..f5738bfd5 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -373,7 +373,7 @@ class Request(object): if not _hasattr(self, '_data'): self._load_data_and_files() if is_form_media_type(self.content_type): - return self.data + return self._data return QueryDict('', encoding=self._request._encoding) @property diff --git a/tests/test_request.py b/tests/test_request.py index dee636d76..dbfa695fd 100644 --- a/tests/test_request.py +++ b/tests/test_request.py @@ -7,6 +7,7 @@ from django.conf.urls import url from django.contrib.auth import authenticate, login, logout from django.contrib.auth.models import User from django.contrib.sessions.middleware import SessionMiddleware +from django.core.files.uploadedfile import SimpleUploadedFile from django.test import TestCase, override_settings from django.utils import six @@ -78,6 +79,16 @@ class TestContentParsing(TestCase): request.parsers = (FormParser(), MultiPartParser()) self.assertEqual(list(request.POST.items()), list(data.items())) + def test_request_POST_with_files(self): + """ + Ensure request.POST returns no content for POST request with file content. + """ + upload = SimpleUploadedFile("file.txt", b"file_content") + request = Request(factory.post('/', {'upload': upload})) + request.parsers = (FormParser(), MultiPartParser()) + self.assertEqual(list(request.POST.keys()), []) + self.assertEqual(list(request.FILES.keys()), ['upload']) + def test_standard_behaviour_determines_form_content_PUT(self): """ Ensure request.data returns content for PUT request with form content.