-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raise BadRequestKeyError in MultiDict.__getitem__ when internal list is empty #979
Comments
Why do you think this is better behavior? |
It's possible to set empty values list for specified key. And then if the consumer of the |
That makes sense. I'm leaning a bit more towards skipping empty lists in init |
I like that idea more. In the case of a multi dict, setting an empty list for the key seems equivalent to not setting the key at all. |
@davidism Do you mean remove key (if it already exists) if empty list was passed, right? If yes then the suggestion: The question is only about |
👍
Why?
That makes sense. I don't understand why |
To be clear, to me this is more about not letting MultiDict come in an invalid state where |
@untitaker Sorry about the second point I was inattentive. Actually yes. In this case it will have at least one value anyway |
If pass empty list to
But it could be already used like that:
In this case I just want show that setlistdefault could be extended later and I can't see now how to not allow to get invalid state for the |
Ah, I understand. I agree... in that case I guess the modification should be done in |
Normally, we're hesistant to issue an update for dependencies when we've already entered the release candidate(s) stage of the release process. In this case, the changes I'm adding are all minor bug fixes that I've reviewed. Two of the fixes were labeled as security issues, however, they don't really affect us as explained below. * Werkzeug * A bug that allowed XSS attacks on the debug page has been fixed (we don't run Flask in debug mode in production) - pallets/werkzeug#1001 * Invalid Content-Type makes for parsing throw ValueError exception (the fix returns an invalid request 400 Bad Request page instead of an internal server error when the content-type field of a HTTP request is bad--such as ' ' or ',') - pallets/werkzeug#995 * Raise BadRequestKeyError instead of IndexError in MultiDict when calling __getitem__ on a key with an empty associated list of values (Flask returns forms and query strings as MultiDicts. This is just better error-handling, no real bug being fixed here.) - pallets/werkzeug#979 * pytop * The string comparison function now no longer leaks string length (shouldn't affect SD because the length of our TOTP codes are already known) - pyauth/pyotp#28
I think that it would be logically to raise BadRequestKeyError there https://github.com/pallets/werkzeug/blob/master/werkzeug/datastructures.py#L402 when the list of values is empty.
The text was updated successfully, but these errors were encountered: