summaryrefslogtreecommitdiffstats
path: root/Lib/cgi.py
Commit message (Collapse)AuthorAgeFilesLines
* Bug #1457823: cgi.(Sv)FormContentDict's constructor now takesGeorg Brandl2006-09-301-2/+4
| | | | keep_blank_values and strict_parsing keyword arguments.
* Chris McDonough's patch to defend against certain DoS attacks on FieldStorage.Guido van Rossum2006-08-101-5/+15
| | | | SF bug #1112549.
* Reverted revision 1.83, which introduced a bug and subtle incompatibilityArmin Rigo2005-09-191-8/+6
| | | | issues. See bug #1112856.
* Bring cgi.escape docstring slightly more in line with the library refSkip Montanaro2005-08-021-1/+3
| | | | manual. Closes #1243553.
* Patch #1079734: remove dependencies on (deprecated) rfc822 and mimetoolsJohannes Gijsbers2005-01-081-7/+9
| | | | modules, replacing with email. Thanks to Josh Hoyt for the patch!
* Remove some lambdas.Raymond Hettinger2004-12-311-3/+4
|
* Use cStringIO where available.Raymond Hettinger2004-12-311-1/+4
|
* Let cgi.parse_header() properly unquote headers (patch #1008597).Johannes Gijsbers2004-08-141-0/+1
|
* Don't return spurious empty fields if 'keep_empty_values' is True.Neil Schemenauer2004-07-191-0/+2
| | | | Fixes SF bug #990307.
* Change parse_qsl() to accept control-name's with no equal sign (e.g., "name")Brett Cannon2004-03-211-1/+5
| | | | when keep_blank_values is true.
* Replace backticks with repr() or "%r"Walter Dörwald2004-02-121-10/+9
| | | | From SF patch #852334.
* Get rid of many apply() calls.Guido van Rossum2003-02-271-1/+1
|
* Patch suggested by Hamish Lawson: add an __iter__() that returnsGuido van Rossum2002-09-111-0/+3
| | | | iter(self.keys()).
* Code modernization. Replace v=s[i]; del s[i] with single lookup v=s.pop(i)Raymond Hettinger2002-06-301-2/+1
|
* SF 563203. Replaced 'has_key()' with 'in'.Raymond Hettinger2002-06-011-25/+33
|
* Use is None rather than general booleanRaymond Hettinger2002-05-311-1/+1
|
* Convert a pile of obvious "yes/no" functions to return bool.Tim Peters2002-04-041-2/+2
|
* tighten up except - only ValueError can be raised in this situationSkip Montanaro2002-03-231-1/+1
|
* SF #515006, remove unnecessary importNeal Norwitz2002-02-111-1/+0
|
* "ib" should be "boundary"; reported by Neal Norwitz.Fred Drake2001-10-131-1/+1
|
* Class FieldStorage: add two new methods, getfirst() and getlist(),Guido van Rossum2001-09-051-0/+22
| | | | | | that provide a somewhat more uniform interface to getting values. This is from SF patch #453691.
* Whitespace normalization.Tim Peters2001-08-091-3/+3
|
* Fix a denial-of-service attack, SF bug #443120.Guido van Rossum2001-07-251-4/+14
| | | | Code by Evan Simpson.
* Solve SF bug #231249: cgi.py opens too many (temporary) files.Guido van Rossum2001-06-291-4/+12
| | | | | | | | | | | | | | | | | | | | | | class FieldStorage: this patch changes read_lines() and co. to use a StringIO() instead of a real file. The write() calls are redirected to a private method that replaces it with a real, external file only when it gets too big (> 1000 bytes). This avoids problems in forms using the multipart/form-data encoding with many fields. The original code created a temporary file for *every* field (not just for file upload fields), thereby sometimes exceeding the open file limit of some systems. Note that the simpler solution "use a real file only for file uploads" can't be used because the form field parser has no way to tell which fields correspond to file uploads. It's *possible* but extremely unlikely that this would break someone's code; they would have to be stepping way outside the documented interface for FieldStorage and use f.file.fileno(), or depend on overriding make_file() to return a file-like object with additional known properties.
* Add a whole lot of stuff to __all__.Guido van Rossum2001-03-191-3/+6
| | | | | (Excluding the logging stuff, which doesn't lend itself to use via "from cgi import *" -- it manipulates globals.)
* added missing element to __all__Skip Montanaro2001-02-281-1/+2
|
* Added a comment explaining why this file must really have #!Guido van Rossum2001-02-131-0/+9
| | | | /usr/local/bin/python and not #! /usr/bin/env python.
* String method conversion.Eric S. Raymond2001-02-091-27/+26
|
* added __all__ lists to a number of Python modulesSkip Montanaro2001-01-201-0/+2
| | | | | | | | added test script and expected output file as well this closes patch 103297. __all__ attributes will be added to other modules without first submitting a patch, just adding the necessary line to the test script to verify more-or-less correct implementation.
* Whitespace normalization.Tim Peters2001-01-141-27/+27
|
* Make Traceback header conform to new traceback ("innermost last" ->Guido van Rossum2000-12-271-1/+1
| | | | "most recent call last").
* This fixes several bug reports concering memory bloating during largeBarry Warsaw2000-11-061-5/+1
| | | | | | | | | | | | | | | | | | | file uploads. In response to SF bugs 110674 and 119806, and discussions on python-dev, we are removing the self.lines attribute from the FieldStorage class. Specifically touched where methods __init__(), read_lines_to_eof(), and skip_lines(). No one can remember why self.lines was added. Technically, it's part of the public interface for the class, but it was never documented. It's possible clever or nosy code will break because of this, but it was decided to remove it and see who complains. This resolution also closes the second half of the cgi.py entry in PEP 42. The first half of that PEP concerns specifically binary file uploads, where there may be no end-of-line marker for a very long time. This patch does not address that issue.
* Undo Ping's change.Guido van Rossum2000-10-031-1/+1
| | | | | | | | | CGI scripts should *not* use /usr/bin/env, since on systems that don't come standard with Python installed, Python isn't on the default $PATH. Too bad that this breaks on Linux, where Python is in /usr/bin which is on the default path -- the point is that you must manually edit your CGI scripts when you install them.
* Change first line to #!/usr/bin/env python (really just to test check-in).Ka-Ping Yee2000-10-031-1/+1
|
* Patch #101121, by Ka-Ping Yee: cosmetic cleanup of cgi.py, using myGuido van Rossum2000-09-191-37/+37
| | | | | | | | | | | | style conventions. (Ping has checkin privileges but apparently ignores them at the moment.) Ping improves a few doc strings and fixes style violations like foo ( bar ). An addition of my own: rearrange the printing of various items in test() so that the (long) environment comes at the end. This avoids having to scroll if you want to see the current directory or command line arguments.
* Improve the test output a bit.Guido van Rossum2000-09-161-2/+4
|
* fix bug #110661 (PR#356) -- accept either & or ; as separator for CGIJeremy Hylton2000-09-151-16/+15
| | | | | | query string also some doc string reformatting and use of string methods instead of older string.splitfields
* Closing patch #101120 -- After everyone agreed.Moshe Zadka2000-08-251-23/+23
|
* Remove very long doc string (it's all in the docs)Jeremy Hylton2000-08-031-399/+3
| | | | | Modify parse_qsl to interpret 'a=b=c' as key 'a' and value 'b=c' (which matches Perl's CGI.pm)
* Spelling fixes supplied by Rob W. W. Hooft. All these are fixes in eitherThomas Wouters2000-07-161-6/+6
| | | | | | | | | | comments, docstrings or error messages. I fixed two minor things in test_winreg.py ("didn't" -> "Didn't" and "Didnt" -> "Didn't"). There is a minor style issue involved: Guido seems to have preferred English grammar (behaviour, honour) in a couple places. This patch changes that to American, which is the more prominent style in the source. I prefer English myself, so if English is preferred, I'd be happy to supply a patch myself ;)
* Simple changes by Gerrit Holl - move author acknowledgements out ofGuido van Rossum2000-02-281-15/+14
| | | | docstrings into comments.
* Fix a broken r.append(name, value) call, spotted by Tim.Guido van Rossum2000-02-251-1/+1
|
* After more discussion with Jim, change the behavior so that only aGuido van Rossum1999-06-111-9/+1
| | | | | *missing* content-type at the outer level of a POST defaults to urlencoded. In all other circumstances, the default is read_singe().
* Patch by Jim Fulton: new function parse_qsl(), which is likeGuido van Rossum1999-06-041-13/+44
| | | | | parse_qs() but returns a list of (name, value) pairs -- which is actually more correct. Use this where it makes sense.
* At Jim Fulton's request (actually, as a compromise :-), default theGuido van Rossum1999-06-021-2/+2
| | | | | | content-type to application/x-www-form-urlencoded only when the method is POST. Ditto for when the content-type is unrecognized -- only fall back to urlencoded with POST.
* FieldStorage.__init__(): if there is no content-type header, useBarry Warsaw1999-01-081-2/+24
| | | | | | | | | | text/plain for inner parts, but application/x-www-form-urlencoded for outer parts. Honor any existing content-type header. Lower down, if the content-type header is something we don't understand (say because it there was a typo in the header coming from the client), default to text/plain for inner parts, but application/x-www-form-urlencoded for outer parts.
* In read_multi, allow a subclass to override the class we instantiateGuido van Rossum1998-12-091-4/+7
| | | | | | when we create a recursive instance, by setting the class variable 'FieldStorageClass' to the desired class. By default, this is set to None, in which case we use self.__class__ (as before).
* Patch by Jim Fulton, who writes:Guido van Rossum1998-10-201-4/+6
| | | | | | | | | | | | | | """ The FieldStorage constructor calls the read_multi method. The read_multi method creates new FieldStorage objects, re-invoking the constructor (on the new objects). The problem is that the 'environ', 'keep_blank_values', and 'strict_parsing' arguments originally passed to the constructor are not propigated to the new object constructors. This causes os.environ to be used, leading to a miss-handling of the parts. I fixed this by passing these arguments to read_multi and then on to the constructor. See the context diff below. """
* Treat "HEAD" same as "GET", so that CGI scripts won't fail.Guido van Rossum1998-06-251-1/+1
|
* Be more careful than the previous patch. The default content-typeGuido van Rossum1998-06-111-1/+4
| | | | | | should only be set to application/x-www-form-urlencoded when the method is POST. E.g. for PUT, an empty default (defaulting to text/plain later) makes more sense.