diff options
author | Christian Heimes <christian@cheimes.de> | 2013-06-17 13:45:11 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-06-17 13:45:11 (GMT) |
commit | 9ce4f36aa1e901cd6d61209b37d18602d1e27cc7 (patch) | |
tree | c165a9591001cff7d67e1876471706a83671c89b /Lib | |
parent | 9a5395ae2b59b31d74fe3ad9c391d89802939d8c (diff) | |
parent | a5f004fe7d2f53f5e246003e4642353de1617cab (diff) | |
download | cpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.zip cpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.tar.gz cpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.tar.bz2 |
merge heads
Diffstat (limited to 'Lib')
-rwxr-xr-x | Lib/cgi.py | 9 | ||||
-rw-r--r-- | Lib/test/test_cgi.py | 23 |
2 files changed, 32 insertions, 0 deletions
@@ -786,6 +786,9 @@ class FieldStorage: if not line: self.done = -1 break + if delim == b"\r": + line = delim + line + delim = b"" if line.startswith(b"--") and last_line_lfend: strippedline = line.rstrip() if strippedline == next_boundary: @@ -802,6 +805,12 @@ class FieldStorage: delim = b"\n" line = line[:-1] last_line_lfend = True + elif line.endswith(b"\r"): + # We may interrupt \r\n sequences if they span the 2**16 + # byte boundary + delim = b"\r" + line = line[:-1] + last_line_lfend = False else: delim = b"" last_line_lfend = False diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index cb28aa8..0a1e8d3 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -256,6 +256,29 @@ class CgiTests(unittest.TestCase): got = getattr(fs.list[x], k) self.assertEqual(got, exp) + def test_fieldstorage_multipart_maxline(self): + # Issue #18167 + maxline = 1 << 16 + self.maxDiff = None + def check(content): + data = """---123 +Content-Disposition: form-data; name="upload"; filename="fake.txt" +Content-Type: text/plain + +%s +---123-- +""".replace('\n', '\r\n') % content + environ = { + 'CONTENT_LENGTH': str(len(data)), + 'CONTENT_TYPE': 'multipart/form-data; boundary=-123', + 'REQUEST_METHOD': 'POST', + } + self.assertEqual(gen_result(data, environ), + {'upload': content.encode('latin1')}) + check('x' * (maxline - 1)) + check('x' * (maxline - 1) + '\r') + check('x' * (maxline - 1) + '\r' + 'y' * (maxline - 1)) + _qs_result = { 'key1': 'value1', 'key2': ['value2x', 'value2y'], |