summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2015-03-29 20:45:19 (GMT)
committerBenjamin Peterson <benjamin@python.org>2015-03-29 20:45:19 (GMT)
commit0deefd5a9402e3bd13ed899f9b939062faf98114 (patch)
tree7fda9ee820a42082dc399dcb8e2b9033323d6291
parentf375b0a4d5a0362ca9b927e626a00c8328f3ac04 (diff)
parentd90f8d10e088657593fa753ecacab95845d378aa (diff)
downloadcpython-0deefd5a9402e3bd13ed899f9b939062faf98114.zip
cpython-0deefd5a9402e3bd13ed899f9b939062faf98114.tar.gz
cpython-0deefd5a9402e3bd13ed899f9b939062faf98114.tar.bz2
merge 3.4 (#23801)
-rwxr-xr-xLib/cgi.py9
-rw-r--r--Lib/test/test_cgi.py19
-rw-r--r--Misc/NEWS3
3 files changed, 29 insertions, 2 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index a55232e..4be28ba 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -699,8 +699,13 @@ class FieldStorage:
raise ValueError("%s should return bytes, got %s" \
% (self.fp, type(first_line).__name__))
self.bytes_read += len(first_line)
- # first line holds boundary ; ignore it, or check that
- # b"--" + ib == first_line.strip() ?
+
+ # Ensure that we consume the file until we've hit our inner boundary
+ while (first_line.strip() != (b"--" + self.innerboundary) and
+ first_line):
+ first_line = self.fp.readline()
+ self.bytes_read += len(first_line)
+
while True:
parser = FeedParser()
hdr_text = b""
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index 715bd73..a7a9d02 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -248,6 +248,25 @@ class CgiTests(unittest.TestCase):
got = getattr(fs.list[x], k)
self.assertEqual(got, exp)
+ def test_fieldstorage_multipart_leading_whitespace(self):
+ env = {
+ 'REQUEST_METHOD': 'POST',
+ 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
+ 'CONTENT_LENGTH': '560'}
+ # Add some leading whitespace to our post data that will cause the
+ # first line to not be the innerboundary.
+ fp = BytesIO(b"\r\n" + POSTDATA.encode('latin-1'))
+ fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
+ self.assertEqual(len(fs.list), 4)
+ expect = [{'name':'id', 'filename':None, 'value':'1234'},
+ {'name':'title', 'filename':None, 'value':''},
+ {'name':'file', 'filename':'test.txt', 'value':b'Testing 123.\n'},
+ {'name':'submit', 'filename':None, 'value':' Add '}]
+ for x in range(len(fs.list)):
+ for k, exp in expect[x].items():
+ got = getattr(fs.list[x], k)
+ self.assertEqual(got, exp)
+
def test_fieldstorage_multipart_non_ascii(self):
#Test basic FieldStorage multipart parsing
env = {'REQUEST_METHOD':'POST',
diff --git a/Misc/NEWS b/Misc/NEWS
index 6402617..333f645 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -302,6 +302,9 @@ Library
- Issue #19705: turtledemo now has a visual sorting algorithm demo. Original
patch from Jason Yeo.
+- Issue #23801: Fix issue where cgi.FieldStorage did not always ignore the
+ entire preamble to a multipart body.
+
Build
-----