From b3698acb6c0b9eaa04189599e27014c788a75adc Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 22 Nov 2012 00:20:49 +0100 Subject: First passing test under p3k \o/ --- rest_framework/parsers.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 4841676c..361dfb77 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -56,7 +56,7 @@ class JSONParser(BaseParser): """ try: return json.load(stream) - except ValueError, exc: + except ValueError as exc: raise ParseError('JSON parse error - %s' % unicode(exc)) @@ -76,7 +76,7 @@ class YAMLParser(BaseParser): """ try: return yaml.safe_load(stream) - except (ValueError, yaml.parser.ParserError), exc: + except (ValueError, yaml.parser.ParserError) as exc: raise ParseError('YAML parse error - %s' % unicode(exc)) @@ -121,7 +121,7 @@ class MultiPartParser(BaseParser): parser = DjangoMultiPartParser(meta, stream, upload_handlers) data, files = parser.parse() return DataAndFiles(data, files) - except MultiPartParserError, exc: + except MultiPartParserError as exc: raise ParseError('Multipart form parse error - %s' % unicode(exc)) @@ -135,7 +135,7 @@ class XMLParser(BaseParser): def parse(self, stream, media_type=None, parser_context=None): try: tree = ET.parse(stream) - except (ExpatError, ETParseError, ValueError), exc: + except (ExpatError, ETParseError, ValueError) as exc: raise ParseError('XML parse error - %s' % unicode(exc)) data = self._xml_convert(tree.getroot()) -- cgit v1.2.3 From e348ee92552aab51290dfe6b256ad03b8d62e6f9 Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Fri, 23 Nov 2012 01:12:33 +0100 Subject: 52 tests passing. Refactored a few string / byte io. --- rest_framework/parsers.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 361dfb77..d5cfaaf8 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -5,6 +5,8 @@ They give us a generic way of being able to handle various media types on the request, such as form content or json encoded data. """ +import six + from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError @@ -55,9 +57,10 @@ class JSONParser(BaseParser): `files` will always be `None`. """ try: - return json.load(stream) + data = stream.read().decode('iso-8859-1') + return json.loads(data) except ValueError as exc: - raise ParseError('JSON parse error - %s' % unicode(exc)) + raise ParseError('JSON parse error - %s' % six.text_type(exc)) class YAMLParser(BaseParser): @@ -75,9 +78,10 @@ class YAMLParser(BaseParser): `files` will always be `None`. """ try: - return yaml.safe_load(stream) + data = stream.read().decode('iso-8859-1') + return yaml.safe_load(data) except (ValueError, yaml.parser.ParserError) as exc: - raise ParseError('YAML parse error - %s' % unicode(exc)) + raise ParseError('YAML parse error - %s' % six.u(exc)) class FormParser(BaseParser): @@ -122,7 +126,7 @@ class MultiPartParser(BaseParser): data, files = parser.parse() return DataAndFiles(data, files) except MultiPartParserError as exc: - raise ParseError('Multipart form parse error - %s' % unicode(exc)) + raise ParseError('Multipart form parse error - %s' % six.u(exc)) class XMLParser(BaseParser): @@ -136,7 +140,7 @@ class XMLParser(BaseParser): try: tree = ET.parse(stream) except (ExpatError, ETParseError, ValueError) as exc: - raise ParseError('XML parse error - %s' % unicode(exc)) + raise ParseError('XML parse error - %s' % six.u(exc)) data = self._xml_convert(tree.getroot()) return data -- cgit v1.2.3 From 60250f22c8e144494f372338c16a2167cccb319d Mon Sep 17 00:00:00 2001 From: Xavier Ordoquy Date: Thu, 3 Jan 2013 11:41:07 +0100 Subject: Move the various compat things to the compat module. --- rest_framework/parsers.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index d5cfaaf8..7c01006a 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -5,14 +5,13 @@ They give us a generic way of being able to handle various media types on the request, such as form content or json encoded data. """ -import six - from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError from django.utils import simplejson as json from rest_framework.compat import yaml, ETParseError from rest_framework.exceptions import ParseError +from rest_framework.compat import six from xml.etree import ElementTree as ET from xml.parsers.expat import ExpatError import datetime -- cgit v1.2.3 From 97f2b994951605ffdef08159be450d1e77762bf9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 19:51:50 +0000 Subject: Don't use deprecated xml style --- rest_framework/parsers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 4a2b34a5..b601156b 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -149,7 +149,7 @@ class XMLParser(BaseParser): convert the xml `element` into the corresponding python object """ - children = element.getchildren() + children = list(element) if len(children) == 0: return self._type_convert(element.text) -- cgit v1.2.3 From b052c92ac38f90e5b56cfd128cd4a488713c048e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 20:55:35 +0000 Subject: Cleanup imports Mostly adding `from __future__ import unicode_literals` everywhere. --- rest_framework/parsers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index b601156b..26009cdf 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -4,7 +4,7 @@ Parsers are used to parse the content of incoming HTTP requests. They give us a generic way of being able to handle various media types on the request, such as form content or json encoded data. """ - +from __future__ import unicode_literals from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError -- cgit v1.2.3 From 0a38bc9db8c7ad5c1a9c8429ac799260c7257a39 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 21:16:34 +0000 Subject: Deal with parser encodings properly --- rest_framework/parsers.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 26009cdf..98d63fec 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -5,6 +5,7 @@ They give us a generic way of being able to handle various media types on the request, such as form content or json encoded data. """ from __future__ import unicode_literals +from django.conf import settings from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError @@ -55,8 +56,11 @@ class JSONParser(BaseParser): `data` will be an object which is the parsed content of the response. `files` will always be `None`. """ + parser_context = parser_context or {} + encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) + try: - data = stream.read().decode('iso-8859-1') + data = stream.read().decode(encoding) return json.loads(data) except ValueError as exc: raise ParseError('JSON parse error - %s' % six.text_type(exc)) @@ -76,8 +80,11 @@ class YAMLParser(BaseParser): `data` will be an object which is the parsed content of the response. `files` will always be `None`. """ + parser_context = parser_context or {} + encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) + try: - data = stream.read().decode('iso-8859-1') + data = stream.read().decode(encoding) return yaml.safe_load(data) except (ValueError, yaml.parser.ParserError) as exc: raise ParseError('YAML parse error - %s' % six.u(exc)) @@ -97,7 +104,9 @@ class FormParser(BaseParser): `data` will be a :class:`QueryDict` containing all the form parameters. `files` will always be :const:`None`. """ - data = QueryDict(stream.read()) + parser_context = parser_context or {} + encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) + data = QueryDict(stream.read(), encoding=encoding) return data @@ -117,11 +126,12 @@ class MultiPartParser(BaseParser): """ parser_context = parser_context or {} request = parser_context['request'] + encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) meta = request.META upload_handlers = request.upload_handlers try: - parser = DjangoMultiPartParser(meta, stream, upload_handlers) + parser = DjangoMultiPartParser(meta, stream, upload_handlers, encoding) data, files = parser.parse() return DataAndFiles(data, files) except MultiPartParserError as exc: @@ -136,8 +146,11 @@ class XMLParser(BaseParser): media_type = 'application/xml' def parse(self, stream, media_type=None, parser_context=None): + parser_context = parser_context or {} + encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) + parser = ET.XMLParser(encoding=encoding) try: - tree = ET.parse(stream) + tree = ET.parse(stream, parser=parser) except (ExpatError, ETParseError, ValueError) as exc: raise ParseError('XML parse error - %s' % six.u(exc)) data = self._xml_convert(tree.getroot()) -- cgit v1.2.3 From 7dc4bce4e2d8bd21ba383ae1d62fdacf4998742e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 4 Feb 2013 21:35:47 +0000 Subject: Fix 2.6 compat --- rest_framework/parsers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 98d63fec..06b02226 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -9,7 +9,7 @@ from django.conf import settings from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError -from rest_framework.compat import yaml, ETParseError +from rest_framework.compat import yaml, ETParseError, ET_XMLParser from rest_framework.exceptions import ParseError from rest_framework.compat import six from xml.etree import ElementTree as ET @@ -148,7 +148,7 @@ class XMLParser(BaseParser): def parse(self, stream, media_type=None, parser_context=None): parser_context = parser_context or {} encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) - parser = ET.XMLParser(encoding=encoding) + parser = ET_XMLParser(encoding=encoding) try: tree = ET.parse(stream, parser=parser) except (ExpatError, ETParseError, ValueError) as exc: -- cgit v1.2.3 From dcee027fa97f015ff3b87f0fd72b7995cdd6e155 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Feb 2013 13:17:22 +0000 Subject: defusedxml for security fix. As per: http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html --- rest_framework/parsers.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 06b02226..7bbb5f94 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -9,11 +9,9 @@ from django.conf import settings from django.http import QueryDict from django.http.multipartparser import MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError -from rest_framework.compat import yaml, ETParseError, ET_XMLParser +from rest_framework.compat import yaml, etree from rest_framework.exceptions import ParseError from rest_framework.compat import six -from xml.etree import ElementTree as ET -from xml.parsers.expat import ExpatError import json import datetime import decimal @@ -80,6 +78,8 @@ class YAMLParser(BaseParser): `data` will be an object which is the parsed content of the response. `files` will always be `None`. """ + assert yaml, 'YAMLParser requires pyyaml to be installed' + parser_context = parser_context or {} encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) @@ -146,12 +146,14 @@ class XMLParser(BaseParser): media_type = 'application/xml' def parse(self, stream, media_type=None, parser_context=None): + assert etree, 'XMLParser requires defusedxml to be installed' + parser_context = parser_context or {} encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) - parser = ET_XMLParser(encoding=encoding) + parser = etree.DefusedXMLParser(encoding=encoding) try: - tree = ET.parse(stream, parser=parser) - except (ExpatError, ETParseError, ValueError) as exc: + tree = etree.parse(stream, parser=parser) + except (etree.ParseError, ValueError) as exc: raise ParseError('XML parse error - %s' % six.u(exc)) data = self._xml_convert(tree.getroot()) -- cgit v1.2.3 From 569c3a28e662ccef251acc6494047ec9c83556c2 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Feb 2013 19:41:09 +0000 Subject: Add forbid_dtd flag, since we don't need any DTDs. --- rest_framework/parsers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/parsers.py') diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index 7bbb5f94..491acd68 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -152,7 +152,7 @@ class XMLParser(BaseParser): encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET) parser = etree.DefusedXMLParser(encoding=encoding) try: - tree = etree.parse(stream, parser=parser) + tree = etree.parse(stream, parser=parser, forbid_dtd=True) except (etree.ParseError, ValueError) as exc: raise ParseError('XML parse error - %s' % six.u(exc)) data = self._xml_convert(tree.getroot()) -- cgit v1.2.3