From 6579459d4b10b8eef47e5de609de4aa54999fb06 Mon Sep 17 00:00:00 2001
From: Victor Stinner <victor.stinner@gmail.com>
Date: Tue, 18 Aug 2015 10:21:10 -0700
Subject: cgi.FieldStorage.read_multi ignores Content-Length

Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
---
 Lib/cgi.py           |  5 +++++
 Lib/test/test_cgi.py | 19 +++++++++++++++++++
 Misc/ACKS            |  1 +
 Misc/NEWS            |  4 ++++
 4 files changed, 29 insertions(+)

diff --git a/Lib/cgi.py b/Lib/cgi.py
index 6959c9e..45badf6 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -714,6 +714,11 @@ class FieldStorage:
             self.bytes_read += len(hdr_text)
             parser.feed(hdr_text.decode(self.encoding, self.errors))
             headers = parser.close()
+
+            # Some clients add Content-Length for part headers, ignore them
+            if 'content-length' in headers:
+                del headers['content-length']
+
             part = klass(self.fp, headers, ib, environ, keep_blank_values,
                          strict_parsing,self.limit-self.bytes_read,
                          self.encoding, self.errors)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index d2c326b..6b28106 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -326,6 +326,25 @@ Content-Type: text/plain
                 got = getattr(files[x], k)
                 self.assertEqual(got, exp)
 
+    def test_fieldstorage_part_content_length(self):
+        BOUNDARY = "JfISa01"
+        POSTDATA = """--JfISa01
+Content-Disposition: form-data; name="submit-name"
+Content-Length: 5
+
+Larry
+--JfISa01"""
+        env = {
+            'REQUEST_METHOD': 'POST',
+            'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
+            'CONTENT_LENGTH': str(len(POSTDATA))}
+        fp = BytesIO(POSTDATA.encode('latin-1'))
+        fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
+        self.assertEqual(len(fs.list), 1)
+        self.assertEqual(fs.list[0].name, 'submit-name')
+        self.assertEqual(fs.list[0].value, 'Larry')
+
+
     _qs_result = {
         'key1': 'value1',
         'key2': ['value2x', 'value2y'],
diff --git a/Misc/ACKS b/Misc/ACKS
index 4a6f6b7..395b9e5 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -773,6 +773,7 @@ Thomas Lamb
 Valerie Lambert
 Jean-Baptiste "Jiba" Lamy
 Ronan Lamy
+Peter Landry
 Torsten Landschoff
 Łukasz Langa
 Tino Lange
diff --git a/Misc/NEWS b/Misc/NEWS
index 38e8031..70c3e1d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -75,6 +75,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
+  header in part headers. Patch written by Peter Landry and reviewed by Pierre
+  Quentel.
+
 - Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu.
 
 - Issue #21159: Improve message in configparser.InterpolationMissingOptionError.
-- 
cgit v0.12