diff options
author | Christian Sattler <sattler.christian@gmail.com> | 2021-12-12 08:41:12 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-12 08:41:12 (GMT) |
commit | e6fe10d34096a23be7d26271cf6aba429313b01d (patch) | |
tree | 09dbfe6bda0f9207031b376a6a384f7a2fe2d0ce | |
parent | 4325a766f5f603ef6dfb8c4d5798e5e73cb5efd5 (diff) | |
download | cpython-e6fe10d34096a23be7d26271cf6aba429313b01d.zip cpython-e6fe10d34096a23be7d26271cf6aba429313b01d.tar.gz cpython-e6fe10d34096a23be7d26271cf6aba429313b01d.tar.bz2 |
bpo-45874: Handle empty query string correctly in urllib.parse.parse_qsl (#29716)
-rw-r--r-- | Lib/test/test_cgi.py | 2 | ||||
-rw-r--r-- | Lib/urllib/parse.py | 5 | ||||
-rw-r--r-- | Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst | 3 |
3 files changed, 7 insertions, 3 deletions
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index c1b893d..06762f8 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -51,7 +51,7 @@ def do_test(buf, method): return ComparableException(err) parse_strict_test_cases = [ - ("", ValueError("bad query field: ''")), + ("", {}), ("&", ValueError("bad query field: ''")), ("&&", ValueError("bad query field: ''")), # Should the next few really be valid? diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py index bf16d0f..67ba308 100644 --- a/Lib/urllib/parse.py +++ b/Lib/urllib/parse.py @@ -740,12 +740,13 @@ def parse_qsl(qs, keep_blank_values=False, strict_parsing=False, # is less than max_num_fields. This prevents a memory exhaustion DOS # attack via post bodies with many fields. if max_num_fields is not None: - num_fields = 1 + qs.count(separator) + num_fields = 1 + qs.count(separator) if qs else 0 if max_num_fields < num_fields: raise ValueError('Max number of fields exceeded') r = [] - for name_value in qs.split(separator): + query_args = qs.split(separator) if qs else [] + for name_value in query_args: if not name_value and not strict_parsing: continue nv = name_value.split('=', 1) diff --git a/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst new file mode 100644 index 0000000..ef793cf --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst @@ -0,0 +1,3 @@ +The empty query string, consisting of no query arguments, is now handled +correctly in ``urllib.parse.parse_qsl``. This caused problems before when +strict parsing was enabled. |