diff options
| author | matthewbelisle-wf <matthew.belisle@workiva.com> | 2018-10-23 08:14:35 (GMT) |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-10-23 08:14:35 (GMT) |
| commit | b79b5c09493e98374e48fa122d82dab528fc6e72 (patch) | |
| tree | 6ade2e36fa33a07aee88cbcec162c8f885e18a81 | |
| parent | b7d62050e7d5fc208ae7673613da4f1f2bc565c4 (diff) | |
| download | cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.zip cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.gz cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.bz2 | |
bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
| -rwxr-xr-x | Lib/cgi.py | 23 | ||||
| -rw-r--r-- | Lib/test/test_cgi.py | 19 |
2 files changed, 24 insertions, 18 deletions
@@ -618,6 +618,11 @@ class FieldStorage: first_line = self.fp.readline() self.bytes_read += len(first_line) + # Propagate max_num_fields into the sub class appropriately + max_num_fields = self.max_num_fields + if max_num_fields is not None: + max_num_fields -= len(self.list) + while True: parser = FeedParser() hdr_text = b"" @@ -637,23 +642,19 @@ class FieldStorage: if 'content-length' in headers: del headers['content-length'] - # Propagate max_num_fields into the sub class appropriately - sub_max_num_fields = self.max_num_fields - if sub_max_num_fields is not None: - sub_max_num_fields -= len(self.list) - part = klass(self.fp, headers, ib, environ, keep_blank_values, strict_parsing,self.limit-self.bytes_read, - self.encoding, self.errors, sub_max_num_fields) + self.encoding, self.errors, max_num_fields) - max_num_fields = self.max_num_fields - if max_num_fields is not None and part.list: - max_num_fields -= len(part.list) + if max_num_fields is not None: + max_num_fields -= 1 + if part.list: + max_num_fields -= len(part.list) + if max_num_fields < 0: + raise ValueError('Max number of fields exceeded') self.bytes_read += part.bytes_read self.list.append(part) - if max_num_fields is not None and max_num_fields < len(self.list): - raise ValueError('Max number of fields exceeded') if part.done or self.bytes_read >= self.length > 0: break self.skip_lines() diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index 8ea9d6a..b86638e 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -401,33 +401,38 @@ Larry data = """---123 Content-Disposition: form-data; name="a" -a +3 ---123 Content-Type: application/x-www-form-urlencoded -a=a&a=a +a=4 +---123 +Content-Type: application/x-www-form-urlencoded + +a=5 ---123-- """ environ = { 'CONTENT_LENGTH': str(len(data)), 'CONTENT_TYPE': 'multipart/form-data; boundary=-123', - 'QUERY_STRING': 'a=a&a=a', + 'QUERY_STRING': 'a=1&a=2', 'REQUEST_METHOD': 'POST', } # 2 GET entities - # 2 top level POST entities - # 2 entities within the second POST entity + # 1 top level POST entities + # 1 entity within the second POST entity + # 1 entity within the third POST entity with self.assertRaises(ValueError): cgi.FieldStorage( fp=BytesIO(data.encode()), environ=environ, - max_num_fields=5, + max_num_fields=4, ) cgi.FieldStorage( fp=BytesIO(data.encode()), environ=environ, - max_num_fields=6, + max_num_fields=5, ) def testQSAndFormData(self): |