diff options
author | Victor Stinner <victor.stinner@gmail.com> | 2015-08-18 17:21:10 (GMT) |
---|---|---|
committer | Victor Stinner <victor.stinner@gmail.com> | 2015-08-18 17:21:10 (GMT) |
commit | 6579459d4b10b8eef47e5de609de4aa54999fb06 (patch) | |
tree | 3d5f31876ee2727a32c8b152a8da03de41f59b0f | |
parent | 2053aa119318c6bc931fff1cd76c1ab624e49232 (diff) | |
download | cpython-6579459d4b10b8eef47e5de609de4aa54999fb06.zip cpython-6579459d4b10b8eef47e5de609de4aa54999fb06.tar.gz cpython-6579459d4b10b8eef47e5de609de4aa54999fb06.tar.bz2 |
cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
-rwxr-xr-x | Lib/cgi.py | 5 | ||||
-rw-r--r-- | Lib/test/test_cgi.py | 19 | ||||
-rw-r--r-- | Misc/ACKS | 1 | ||||
-rw-r--r-- | Misc/NEWS | 4 |
4 files changed, 29 insertions, 0 deletions
@@ -714,6 +714,11 @@ class FieldStorage: self.bytes_read += len(hdr_text) parser.feed(hdr_text.decode(self.encoding, self.errors)) headers = parser.close() + + # Some clients add Content-Length for part headers, ignore them + if 'content-length' in headers: + del headers['content-length'] + part = klass(self.fp, headers, ib, environ, keep_blank_values, strict_parsing,self.limit-self.bytes_read, self.encoding, self.errors) diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index d2c326b..6b28106 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -326,6 +326,25 @@ Content-Type: text/plain got = getattr(files[x], k) self.assertEqual(got, exp) + def test_fieldstorage_part_content_length(self): + BOUNDARY = "JfISa01" + POSTDATA = """--JfISa01 +Content-Disposition: form-data; name="submit-name" +Content-Length: 5 + +Larry +--JfISa01""" + env = { + 'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY), + 'CONTENT_LENGTH': str(len(POSTDATA))} + fp = BytesIO(POSTDATA.encode('latin-1')) + fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1") + self.assertEqual(len(fs.list), 1) + self.assertEqual(fs.list[0].name, 'submit-name') + self.assertEqual(fs.list[0].value, 'Larry') + + _qs_result = { 'key1': 'value1', 'key2': ['value2x', 'value2y'], @@ -773,6 +773,7 @@ Thomas Lamb Valerie Lambert Jean-Baptiste "Jiba" Lamy Ronan Lamy +Peter Landry Torsten Landschoff Ćukasz Langa Tino Lange @@ -75,6 +75,10 @@ Core and Builtins Library ------- +- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length + header in part headers. Patch written by Peter Landry and reviewed by Pierre + Quentel. + - Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu. - Issue #21159: Improve message in configparser.InterpolationMissingOptionError. |