mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-07-14 02:02:26 +03:00
Strip null characters from search param (#6774)
This commit is contained in:
parent
280014fe37
commit
e4e75f1c7c
|
@ -64,7 +64,9 @@ class SearchFilter(BaseFilterBackend):
|
||||||
and may be comma and/or whitespace delimited.
|
and may be comma and/or whitespace delimited.
|
||||||
"""
|
"""
|
||||||
params = request.query_params.get(self.search_param, '')
|
params = request.query_params.get(self.search_param, '')
|
||||||
return params.replace(',', ' ').split()
|
params = params.replace('\x00', '') # strip null characters
|
||||||
|
params = params.replace(',', ' ')
|
||||||
|
return params.split()
|
||||||
|
|
||||||
def construct_search(self, field_name):
|
def construct_search(self, field_name):
|
||||||
lookup = self.lookup_prefixes.get(field_name[0])
|
lookup = self.lookup_prefixes.get(field_name[0])
|
||||||
|
|
|
@ -180,6 +180,15 @@ class SearchFilterTests(TestCase):
|
||||||
{'id': 3, 'title': 'zzz', 'text': 'cde'}
|
{'id': 3, 'title': 'zzz', 'text': 'cde'}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
def test_search_field_with_null_characters(self):
|
||||||
|
view = generics.GenericAPIView()
|
||||||
|
request = factory.get('/?search=\0as%00d\x00f')
|
||||||
|
request = view.initialize_request(request)
|
||||||
|
|
||||||
|
terms = filters.SearchFilter().get_search_terms(request)
|
||||||
|
|
||||||
|
assert terms == ['asdf']
|
||||||
|
|
||||||
|
|
||||||
class AttributeModel(models.Model):
|
class AttributeModel(models.Model):
|
||||||
label = models.CharField(max_length=32)
|
label = models.CharField(max_length=32)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user