summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVictor Stinner <victor.stinner@gmail.com>2015-08-18 17:21:10 (GMT)
committerVictor Stinner <victor.stinner@gmail.com>2015-08-18 17:21:10 (GMT)
commit6579459d4b10b8eef47e5de609de4aa54999fb06 (patch)
tree3d5f31876ee2727a32c8b152a8da03de41f59b0f
parent2053aa119318c6bc931fff1cd76c1ab624e49232 (diff)
downloadcpython-6579459d4b10b8eef47e5de609de4aa54999fb06.zip
cpython-6579459d4b10b8eef47e5de609de4aa54999fb06.tar.gz
cpython-6579459d4b10b8eef47e5de609de4aa54999fb06.tar.bz2
cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length header in part headers. Patch written by Peter Landry and reviewed by Pierre Quentel.
-rwxr-xr-xLib/cgi.py5
-rw-r--r--Lib/test/test_cgi.py19
-rw-r--r--Misc/ACKS1
-rw-r--r--Misc/NEWS4
4 files changed, 29 insertions, 0 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index 6959c9e..45badf6 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -714,6 +714,11 @@ class FieldStorage:
self.bytes_read += len(hdr_text)
parser.feed(hdr_text.decode(self.encoding, self.errors))
headers = parser.close()
+
+ # Some clients add Content-Length for part headers, ignore them
+ if 'content-length' in headers:
+ del headers['content-length']
+
part = klass(self.fp, headers, ib, environ, keep_blank_values,
strict_parsing,self.limit-self.bytes_read,
self.encoding, self.errors)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index d2c326b..6b28106 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -326,6 +326,25 @@ Content-Type: text/plain
got = getattr(files[x], k)
self.assertEqual(got, exp)
+ def test_fieldstorage_part_content_length(self):
+ BOUNDARY = "JfISa01"
+ POSTDATA = """--JfISa01
+Content-Disposition: form-data; name="submit-name"
+Content-Length: 5
+
+Larry
+--JfISa01"""
+ env = {
+ 'REQUEST_METHOD': 'POST',
+ 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
+ 'CONTENT_LENGTH': str(len(POSTDATA))}
+ fp = BytesIO(POSTDATA.encode('latin-1'))
+ fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
+ self.assertEqual(len(fs.list), 1)
+ self.assertEqual(fs.list[0].name, 'submit-name')
+ self.assertEqual(fs.list[0].value, 'Larry')
+
+
_qs_result = {
'key1': 'value1',
'key2': ['value2x', 'value2y'],
diff --git a/Misc/ACKS b/Misc/ACKS
index 4a6f6b7..395b9e5 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -773,6 +773,7 @@ Thomas Lamb
Valerie Lambert
Jean-Baptiste "Jiba" Lamy
Ronan Lamy
+Peter Landry
Torsten Landschoff
Ɓukasz Langa
Tino Lange
diff --git a/Misc/NEWS b/Misc/NEWS
index 38e8031..70c3e1d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -75,6 +75,10 @@ Core and Builtins
Library
-------
+- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
+ header in part headers. Patch written by Peter Landry and reviewed by Pierre
+ Quentel.
+
- Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu.
- Issue #21159: Improve message in configparser.InterpolationMissingOptionError.