Commit Graph

85 Commits

Author SHA1 Message Date
Armin Rigo
3a703b6059 Reverted revision 1.83, which introduced a bug and subtle incompatibility
issues.  See bug #1112856.
2005-09-19 09:11:04 +00:00
Skip Montanaro
97b2fa229c Bring cgi.escape docstring slightly more in line with the library ref
manual.  Closes #1243553.
2005-08-02 02:50:25 +00:00
Johannes Gijsbers
c7fc10a418 Patch #1079734: remove dependencies on (deprecated) rfc822 and mimetools
modules, replacing with email. Thanks to Josh Hoyt for the patch!
2005-01-08 13:56:36 +00:00
Raymond Hettinger
f871d833dd Remove some lambdas. 2004-12-31 21:59:02 +00:00
Raymond Hettinger
a617271dbd Use cStringIO where available. 2004-12-31 19:15:26 +00:00
Johannes Gijsbers
9e15dd6861 Let cgi.parse_header() properly unquote headers (patch #1008597). 2004-08-14 15:39:34 +00:00
Neil Schemenauer
66edb6295f Don't return spurious empty fields if 'keep_empty_values' is True.
Fixes SF bug #990307.
2004-07-19 15:38:11 +00:00
Brett Cannon
8d9b60f102 Change parse_qsl() to accept control-name's with no equal sign (e.g., "name")
when keep_blank_values is true.
2004-03-21 22:16:15 +00:00
Walter Dörwald
70a6b49821 Replace backticks with repr() or "%r"
From SF patch #852334.
2004-02-12 17:35:32 +00:00
Guido van Rossum
68468eba63 Get rid of many apply() calls. 2003-02-27 20:14:51 +00:00
Guido van Rossum
4061cbee9c Patch suggested by Hamish Lawson: add an __iter__() that returns
iter(self.keys()).
2002-09-11 18:20:34 +00:00
Raymond Hettinger
46ac8eb3c8 Code modernization. Replace v=s[i]; del s[i] with single lookup v=s.pop(i) 2002-06-30 03:39:14 +00:00
Raymond Hettinger
54f0222547 SF 563203. Replaced 'has_key()' with 'in'. 2002-06-01 14:18:47 +00:00
Raymond Hettinger
a144900b86 Use is None rather than general boolean 2002-05-31 23:54:44 +00:00
Tim Peters
bc0e910826 Convert a pile of obvious "yes/no" functions to return bool. 2002-04-04 22:55:58 +00:00
Skip Montanaro
db5d1444a1 tighten up except - only ValueError can be raised in this situation 2002-03-23 05:50:17 +00:00
Neal Norwitz
7fd41ccdb1 SF #515006, remove unnecessary import 2002-02-11 17:57:55 +00:00
Fred Drake
4c85da4d16 "ib" should be "boundary"; reported by Neal Norwitz. 2001-10-13 18:38:53 +00:00
Guido van Rossum
1bfb388d86 Class FieldStorage: add two new methods, getfirst() and getlist(),
that provide a somewhat more uniform interface to getting values.

This is from SF patch #453691.
2001-09-05 19:45:34 +00:00
Tim Peters
ab9ba27dc0 Whitespace normalization. 2001-08-09 21:40:30 +00:00
Guido van Rossum
2e441f7836 Fix a denial-of-service attack, SF bug #443120.
Code by Evan Simpson.
2001-07-25 21:00:19 +00:00
Guido van Rossum
52b8c29ca7 Solve SF bug #231249: cgi.py opens too many (temporary) files.
class FieldStorage: this patch changes read_lines() and co. to use a
StringIO() instead of a real file.  The write() calls are redirected
to a private method that replaces it with a real, external file only
when it gets too big (> 1000 bytes).

This avoids problems in forms using the multipart/form-data encoding
with many fields.  The original code created a temporary file for
*every* field (not just for file upload fields), thereby sometimes
exceeding the open file limit of some systems.

Note that the simpler solution "use a real file only for file uploads"
can't be used because the form field parser has no way to tell which
fields correspond to file uploads.

It's *possible* but extremely unlikely that this would break someone's
code; they would have to be stepping way outside the documented
interface for FieldStorage and use f.file.fileno(), or depend on
overriding make_file() to return a file-like object with additional
known properties.
2001-06-29 13:06:06 +00:00
Guido van Rossum
a8423a95b8 Add a whole lot of stuff to __all__.
(Excluding the logging stuff, which doesn't lend itself to use via
"from cgi import *" -- it manipulates globals.)
2001-03-19 13:40:44 +00:00
Skip Montanaro
ff443a51eb added missing element to __all__ 2001-02-28 01:03:48 +00:00
Guido van Rossum
467d723bd7 Added a comment explaining why this file must really have #!
/usr/local/bin/python and not #! /usr/bin/env python.
2001-02-13 13:13:33 +00:00
Eric S. Raymond
7e9b4f58b6 String method conversion. 2001-02-09 09:59:10 +00:00
Skip Montanaro
e99d5ea25b added __all__ lists to a number of Python modules
added test script and expected output file as well
this closes patch 103297.
__all__ attributes will be added to other modules without first submitting
a patch, just adding the necessary line to the test script to verify
more-or-less correct implementation.
2001-01-20 19:54:20 +00:00
Tim Peters
88869f9787 Whitespace normalization. 2001-01-14 23:36:06 +00:00
Guido van Rossum
7dd06966cb Make Traceback header conform to new traceback ("innermost last" ->
"most recent call last").
2000-12-27 19:12:58 +00:00
Barry Warsaw
7fed217515 This fixes several bug reports concering memory bloating during large
file uploads.

In response to SF bugs 110674 and 119806, and discussions on
python-dev, we are removing the self.lines attribute from the
FieldStorage class.  Specifically touched where methods __init__(),
read_lines_to_eof(), and skip_lines().

No one can remember why self.lines was added.  Technically, it's part
of the public interface for the class, but it was never documented.
It's possible clever or nosy code will break because of this, but it
was decided to remove it and see who complains.

This resolution also closes the second half of the cgi.py entry in PEP
42.  The first half of that PEP concerns specifically binary file
uploads, where there may be no end-of-line marker for a very long
time.  This patch does not address that issue.
2000-11-06 18:46:09 +00:00
Guido van Rossum
5191463276 Undo Ping's change.
CGI scripts should *not* use /usr/bin/env, since on systems that don't
come standard with Python installed, Python isn't on the default $PATH.

Too bad that this breaks on Linux, where Python is in /usr/bin which
is on the default path -- the point is that you must manually edit
your CGI scripts when you install them.
2000-10-03 13:51:09 +00:00
Ka-Ping Yee
099e534fa4 Change first line to #!/usr/bin/env python (really just to test check-in). 2000-10-03 08:32:00 +00:00
Guido van Rossum
a3c6a8a30e Patch #101121, by Ka-Ping Yee: cosmetic cleanup of cgi.py, using my
style conventions.  (Ping has checkin privileges but apparently
ignores them at the moment.)

Ping improves a few doc strings and fixes style violations like foo ( bar ).

An addition of my own: rearrange the printing of various items in
test() so that the (long) environment comes at the end.  This avoids
having to scroll if you want to see the current directory or command
line arguments.
2000-09-19 04:11:46 +00:00
Guido van Rossum
57d51f2f1d Improve the test output a bit. 2000-09-16 21:16:01 +00:00
Jeremy Hylton
afde7e24b6 fix bug #110661 (PR#356) -- accept either & or ; as separator for CGI
query string
also some doc string reformatting and use of string methods instead of
    older string.splitfields
2000-09-15 20:06:57 +00:00
Moshe Zadka
a1a4b5916b Closing patch #101120 -- After everyone agreed. 2000-08-25 21:47:56 +00:00
Jeremy Hylton
c253d9a623 Remove very long doc string (it's all in the docs)
Modify parse_qsl to interpret 'a=b=c' as key 'a' and value 'b=c'
(which matches Perl's CGI.pm)
2000-08-03 20:57:44 +00:00
Thomas Wouters
7e47402264 Spelling fixes supplied by Rob W. W. Hooft. All these are fixes in either
comments, docstrings or error messages. I fixed two minor things in
test_winreg.py ("didn't" -> "Didn't" and "Didnt" -> "Didn't").

There is a minor style issue involved: Guido seems to have preferred English
grammar (behaviour, honour) in a couple places. This patch changes that to
American, which is the more prominent style in the source. I prefer English
myself, so if English is preferred, I'd be happy to supply a patch myself ;)
2000-07-16 12:04:32 +00:00
Guido van Rossum
98d9fd3e68 Simple changes by Gerrit Holl - move author acknowledgements out of
docstrings into comments.
2000-02-28 15:12:25 +00:00
Guido van Rossum
3af7b050a3 Fix a broken r.append(name, value) call, spotted by Tim. 2000-02-25 11:44:03 +00:00
Guido van Rossum
60a3bd8130 After more discussion with Jim, change the behavior so that only a
*missing* content-type at the outer level of a POST defaults to
urlencoded.  In all other circumstances, the default is read_singe().
1999-06-11 18:26:09 +00:00
Guido van Rossum
1946f0d6f2 Patch by Jim Fulton: new function parse_qsl(), which is like
parse_qs() but returns a list of (name, value) pairs -- which is
actually more correct.  Use this where it makes sense.
1999-06-04 17:54:39 +00:00
Guido van Rossum
ce900defc5 At Jim Fulton's request (actually, as a compromise :-), default the
content-type to application/x-www-form-urlencoded only when the method
is POST.  Ditto for when the content-type is unrecognized -- only
fall back to urlencoded with POST.
1999-06-02 18:44:22 +00:00
Barry Warsaw
302331a3b6 FieldStorage.__init__(): if there is no content-type header, use
text/plain for inner parts, but application/x-www-form-urlencoded
for outer parts.  Honor any existing content-type header.

Lower down, if the content-type header is something we don't
understand (say because it there was a typo in the header coming from
the client), default to text/plain for inner parts, but
application/x-www-form-urlencoded for outer parts.
1999-01-08 17:42:03 +00:00
Guido van Rossum
030d2ec16c In read_multi, allow a subclass to override the class we instantiate
when we create a recursive instance, by setting the class variable
'FieldStorageClass' to the desired class.  By default, this is set to
None, in which case we use self.__class__ (as before).
1998-12-09 22:16:46 +00:00
Guido van Rossum
f5745008d2 Patch by Jim Fulton, who writes:
"""
The FieldStorage constructor calls the read_multi method.  The read_multi
method creates new FieldStorage objects, re-invoking the constructor
(on the new objects).  The problem is that the 'environ', 'keep_blank_values',
and 'strict_parsing' arguments originally passed to the constructor are not
propigated to the new object constructors.  This causes os.environ to be used,
leading to a miss-handling of the parts.

I fixed this by passing these arguments to read_multi and then on to the
constructor.  See the context diff below.
"""
1998-10-20 14:43:02 +00:00
Guido van Rossum
01852838f3 Treat "HEAD" same as "GET", so that CGI scripts won't fail. 1998-06-25 02:40:17 +00:00
Guido van Rossum
cff311aa37 Be more careful than the previous patch. The default content-type
should only be set to application/x-www-form-urlencoded when the
method is POST.  E.g. for PUT, an empty default (defaulting to
text/plain later) makes more sense.
1998-06-11 14:06:59 +00:00
Guido van Rossum
dd47ec98e2 Default content-type to application/x-www-form-urlencoded at the top
level of a form.  This means that browsers that omit the content-type
header when sending a POST command aren't penalized so heavily.
1998-06-09 19:49:16 +00:00
Guido van Rossum
b1b4f94527 Make Tim O'Malley's requested change: in FieldStorage.__init__(), when
method='GET', always get the query string from environ['QUERY_STRING']
or sys.argv[1] -- ignore an explicitly passed in fp.
1998-05-08 19:55:51 +00:00