encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-07-16 11:12:21 +03:00
Code Issues Packages Projects Releases Wiki Activity

Strip null characters from search param (#6774)

Browse Source
This commit is contained in:
Ryan P Kilby 2019-07-02 11:33:48 -07:00 committed by GitHub
parent 280014fe37
commit e4e75f1c7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rest_framework/filters.py
View File

@ -64,7 +64,9 @@ class SearchFilter(BaseFilterBackend):
and may be comma and/or whitespace delimited. and may be comma and/or whitespace delimited.
""" """
params = request.query_params.get(self.search_param, '') params = request.query_params.get(self.search_param, '')
return params.replace(',', ' ').split() params = params.replace('\x00', '') # strip null characters
params = params.replace(',', ' ')
return params.split()
def construct_search(self, field_name): def construct_search(self, field_name):
lookup = self.lookup_prefixes.get(field_name[0]) lookup = self.lookup_prefixes.get(field_name[0])

9
tests/test_filters.py
View File

@ -180,6 +180,15 @@ class SearchFilterTests(TestCase):
{'id': 3, 'title': 'zzz', 'text': 'cde'} {'id': 3, 'title': 'zzz', 'text': 'cde'}
] ]
def test_search_field_with_null_characters(self):
view = generics.GenericAPIView()
request = factory.get('/?search=\0as%00d\x00f')
request = view.initialize_request(request)
terms = filters.SearchFilter().get_search_terms(request)
assert terms == ['asdf']
class AttributeModel(models.Model): class AttributeModel(models.Model):
label = models.CharField(max_length=32) label = models.CharField(max_length=32)