Do not include uploads in request.POST (#4407)

tomchristie · web-flow · commit 101fd29039dc · 2016-08-15T16:53:17.000+01:00
diff --git a/rest_framework/request.py b/rest_framework/request.py
@@ -373,7 +373,7 @@ def POST(self):
         if not _hasattr(self, '_data'):
             self._load_data_and_files()
         if is_form_media_type(self.content_type):
-            return self.data
+            return self._data
         return QueryDict('', encoding=self._request._encoding)
 
     @property
diff --git a/tests/test_request.py b/tests/test_request.py
@@ -7,6 +7,7 @@
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.models import User
 from django.contrib.sessions.middleware import SessionMiddleware
+from django.core.files.uploadedfile import SimpleUploadedFile
 from django.test import TestCase, override_settings
 from django.utils import six
 
@@ -78,6 +79,16 @@ def test_request_POST_with_form_content(self):
         request.parsers = (FormParser(), MultiPartParser())
         self.assertEqual(list(request.POST.items()), list(data.items()))
 
+    def test_request_POST_with_files(self):
+        """
+        Ensure request.POST returns no content for POST request with file content.
+        """
+        upload = SimpleUploadedFile("file.txt", b"file_content")
+        request = Request(factory.post('/', {'upload': upload}))
+        request.parsers = (FormParser(), MultiPartParser())
+        self.assertEqual(list(request.POST.keys()), [])
+        self.assertEqual(list(request.FILES.keys()), ['upload'])
+
     def test_standard_behaviour_determines_form_content_PUT(self):
         """
         Ensure request.data returns content for PUT request with form content.
