mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-03-31 07:14:28 +03:00
Strip null characters from search param (#6774)
This commit is contained in:
parent
280014fe37
commit
e4e75f1c7c
|
@ -64,7 +64,9 @@ class SearchFilter(BaseFilterBackend):
|
|||
and may be comma and/or whitespace delimited.
|
||||
"""
|
||||
params = request.query_params.get(self.search_param, '')
|
||||
return params.replace(',', ' ').split()
|
||||
params = params.replace('\x00', '') # strip null characters
|
||||
params = params.replace(',', ' ')
|
||||
return params.split()
|
||||
|
||||
def construct_search(self, field_name):
|
||||
lookup = self.lookup_prefixes.get(field_name[0])
|
||||
|
|
|
@ -180,6 +180,15 @@ class SearchFilterTests(TestCase):
|
|||
{'id': 3, 'title': 'zzz', 'text': 'cde'}
|
||||
]
|
||||
|
||||
def test_search_field_with_null_characters(self):
|
||||
view = generics.GenericAPIView()
|
||||
request = factory.get('/?search=\0as%00d\x00f')
|
||||
request = view.initialize_request(request)
|
||||
|
||||
terms = filters.SearchFilter().get_search_terms(request)
|
||||
|
||||
assert terms == ['asdf']
|
||||
|
||||
|
||||
class AttributeModel(models.Model):
|
||||
label = models.CharField(max_length=32)
|
||||
|
|
Loading…
Reference in New Issue
Block a user