Strip null characters from search param (#6774)

This commit is contained in:
Ryan P Kilby 2019-07-02 11:33:48 -07:00 committed by GitHub
parent 280014fe37
commit e4e75f1c7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 1 deletions

View File

@ -64,7 +64,9 @@ class SearchFilter(BaseFilterBackend):
and may be comma and/or whitespace delimited.
"""
params = request.query_params.get(self.search_param, '')
return params.replace(',', ' ').split()
params = params.replace('\x00', '') # strip null characters
params = params.replace(',', ' ')
return params.split()
def construct_search(self, field_name):
lookup = self.lookup_prefixes.get(field_name[0])

View File

@ -180,6 +180,15 @@ class SearchFilterTests(TestCase):
{'id': 3, 'title': 'zzz', 'text': 'cde'}
]
def test_search_field_with_null_characters(self):
view = generics.GenericAPIView()
request = factory.get('/?search=\0as%00d\x00f')
request = view.initialize_request(request)
terms = filters.SearchFilter().get_search_terms(request)
assert terms == ['asdf']
class AttributeModel(models.Model):
label = models.CharField(max_length=32)