django · agateblue · Feb 7, 2019 · Feb 7, 2019 · Feb 8, 2019 · jpic
diff --git a/channels/http.py b/channels/http.py
@@ -120,8 +120,11 @@ def __init__(self, scope, body):
  # TODO: chunked bodies
 
  # Limit the maximum request data size that will be handled in-memory.
+ # but only for non-multipart requests, because files are handled
+ # differently by django, see #1240
  if (
- settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None
+ self.content_type != "multipart/form-data"
+ and settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None
  and self._content_length > settings.DATA_UPLOAD_MAX_MEMORY_SIZE
  ):
  raise RequestDataTooBig(

diff --git a/tests/test_http.py b/tests/test_http.py
@@ -13,6 +13,24 @@
 from channels.sessions import SessionMiddlewareStack
 from channels.testing import HttpCommunicator
 
+BOUNDARY_WORD = b"BOUNDARY"
+BOUNDARY = b"--" + BOUNDARY_WORD + b"\r\n"
+END_BOUNDARY = b"--" + BOUNDARY_WORD + b"--"
+
+
+def MultipartAsgiRequest(body, **kwargs):
+ data = {
+ "http_version": "1.1",
+ "method": "POST",
+ "path": "/test/",
+ "headers": {
+ "content-type": b"multipart/form-data; boundary=" + BOUNDARY_WORD,
+ "content-length": str(len(body)).encode("ascii"),
+ },
+ }
+ data.update(kwargs)
+ return AsgiRequest(data, body)
+
 
 class RequestTests(unittest.TestCase):
  """
@@ -112,26 +130,15 @@ def test_post_files(self):
  Tests POSTing files using multipart form data.
  """
  body = (
- b"--BOUNDARY\r\n"
+ BOUNDARY
  + b'Content-Disposition: form-data; name="title"\r\n\r\n'
  + b"My First Book\r\n"
- + b"--BOUNDARY\r\n"
+ + BOUNDARY
  + b'Content-Disposition: form-data; name="pdf"; filename="book.pdf"\r\n\r\n'
  + b"FAKEPDFBYTESGOHERE"
- + b"--BOUNDARY--"
- )
- request = AsgiRequest(
- {
- "http_version": "1.1",
- "method": "POST",
- "path": "/test/",
- "headers": {
- "content-type": b"multipart/form-data; boundary=BOUNDARY",
- "content-length": str(len(body)).encode("ascii"),
- },
- },
- body,
+ + END_BOUNDARY
  )
+ request = MultipartAsgiRequest(body)
  self.assertEqual(request.method, "POST")
  self.assertEqual(len(request.body), len(body))
  self.assertTrue(request.META["CONTENT_TYPE"].startswith("multipart/form-data"))
@@ -182,6 +189,35 @@ def test_size_exceeded(self):
  b"",
  )
 
+ def test_size_check_ignore_files(self):
+ body = (
+ BOUNDARY
+ + b'Content-Disposition: form-data; name="title"\r\n\r\n'
+ + b"My First Book\r\n"
+ + BOUNDARY
+ + b'Content-Disposition: form-data; name="pdf"; filename="book.pdf"\r\n\r\n'
+ + b"FAKEPDFBYTESGOHERETHISISREALLYLONGBUTNOTUSEDTOCOMPUTETHESIZEOFTHEREQUEST"
+ + END_BOUNDARY
+ )
+ request = MultipartAsgiRequest(body)
+ with override_settings(DATA_UPLOAD_MAX_MEMORY_SIZE=60):
+ request.POST
+
+ def test_size_check_ignore_files_but_honor_other_post_data(self):
+ body = (
+ BOUNDARY
+ + b'Content-Disposition: form-data; name="title"\r\n\r\n'
+ + b"My First Book\r\n"
+ + BOUNDARY
+ + b'Content-Disposition: form-data; name="pdf"; filename="book.pdf"\r\n\r\n'
+ + b"FAKEPDFBYTESGOHERETHISISREALLYLONGBUTNOTUSEDTOCOMPUTETHESIZEOFTHEREQUEST"
+ + END_BOUNDARY
+ )
+ request = MultipartAsgiRequest(body)
+ with override_settings(DATA_UPLOAD_MAX_MEMORY_SIZE=1):
+ with pytest.raises(RequestDataTooBig):
+ request.POST
+
 
 ### Handler tests