Commit Graph

148 Commits

Author SHA1 Message Date
roger
d8cf3514dd
bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)
In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
2020-06-15 07:58:54 -07:00
Pierre Quentel
2d7cacacc3 bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (#10638)
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header

* Add Misc/NEWS.d/next file.

* Add rst formatting for NEWS.d/next file

* Reaplce assert by self.assertEqual
2019-09-11 12:05:53 +01:00
matthewbelisle-wf
b79b5c0949 bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
2018-10-23 01:14:35 -07:00
matthewbelisle-wf
209144831b bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
2018-10-19 03:52:59 -07:00
INADA Naoki
698865dcbb
bpo-33843: Remove deprecated stuff in cgi module (GH-7662) 2018-06-19 17:28:50 +09:00
Amber Brown
545c955be9 bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) 2018-05-14 18:11:55 -04:00
Pierre Quentel
cc3fa204d3 bpo-29979: Rewrite cgi.parse_multipart to make it consistent with FieldStorage (#991) 2017-05-08 05:08:34 -07:00
Serhiy Storchaka
2e576f5aec bpo-30144: Import collections ABC from collections.abc rather than collections. (#1263) 2017-04-24 09:05:00 +03:00
Martin Panter
1cd2772246 Issue #27105: Add cgi.test() to __all__, based on Jacek Kołodziej’s patch 2016-06-06 01:53:28 +00:00
Martin Panter
46f50726a0 Issue #27076: Doc, comment and tests spelling fixes
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Victor Stinner
1e26dc7ef6 (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:23:16 -07:00
Victor Stinner
6579459d4b cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:21:10 -07:00
Benjamin Peterson
0deefd5a94 merge 3.4 (#23801) 2015-03-29 16:45:19 -04:00
Donald Stufft
d90f8d10e0 Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage 2015-03-29 16:43:23 -04:00
Berker Peksag
bf5e9604cc Issue #20289: cgi.FieldStorage() now supports the context management protocol. 2015-02-06 10:21:37 +02:00
Benjamin Peterson
4d59a78786 remove unused argument (closes #21135) 2014-04-03 10:22:10 -04:00
Senthil Kumaran
d87346c0ce merge from 3.3
Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:22:21 -08:00
Senthil Kumaran
b4cbb92fbe Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:20:16 -08:00
Georg Brandl
12ec29f105 Closes #17335: remove no-op assignment. 2013-10-13 22:16:48 +02:00
Brett Cannon
f79126f373 Issue #18394: Explicitly close the file object cgi.FieldStorage
caches.

Eliminates the ResoureWarning raised during testing.

Patch also independently written by Vajrasky Kok.
2013-08-23 15:15:48 -04:00
Florent Xicluna
74a146d3ac Merge #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:46:28 +02:00
Florent Xicluna
331c3fd874 Issue #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:44:28 +02:00
Serhiy Storchaka
774bed7e60 Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:36:20 +03:00
Serhiy Storchaka
c7bfe0e42e Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:34:41 +03:00
Senthil Kumaran
42d8773df4 merge from 3.3
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:01:23 -08:00
Senthil Kumaran
c1a7c565aa merge from 3.2
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:00:26 -08:00
Senthil Kumaran
6b102f251f Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 02:50:15 -08:00
Andrew Svetlov
f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Andrew Svetlov
8b33dd8e54 Use OESeeror instead of os.error (#16720)
Patch by Serhiy Storchaka.
2012-12-24 19:58:48 +02:00
Andrew Svetlov
ad28c7f9da Issue #16706: get rid of os.error 2012-12-18 22:02:39 +02:00
Florent Xicluna
67317750af Issue #13248: turn 3.2's PendingDeprecationWarning into 3.3's DeprecationWarning (cgi, importlib, nntplib, smtpd). 2011-12-10 11:07:42 +01:00
Senthil Kumaran
294c231aa5 default - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:06:59 +08:00
Senthil Kumaran
1ef0c0349e 3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:05:44 +08:00
Victor Stinner
d33344a030 Add cgi.closelog() function to close the log file 2011-07-14 22:28:36 +02:00
Victor Stinner
f1c7ca93c1 cgi: use isinstance(x, list) instead of type(x) == type([]) 2011-01-14 13:08:27 +00:00
Victor Stinner
5c23b8e6ea Issue #4953: cgi.FieldStorage and cgi.parse() parse the request as bytes, not
as unicode, and accept binary files. Add encoding and errors attributes to
cgi.FieldStorage.
2011-01-14 13:05:21 +00:00
Georg Brandl
1f7fffb308 #2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00
Senthil Kumaran
30e86a4767 Fix Issue7007 - Use percent-encoded consistently instead of URL Encoded variations. Changes in Modules. 2010-08-09 20:01:35 +00:00
Benjamin Peterson
8c703a0ba6 Merged revisions 78844 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78844 | benjamin.peterson | 2010-03-11 16:03:45 -0600 (Thu, 11 Mar 2010) | 1 line

  revert r78842 cgi.py change
........
2010-03-11 22:05:58 +00:00
Benjamin Peterson
894197d9f1 Merged revisions 78841-78842 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78841 | benjamin.peterson | 2010-03-11 15:50:45 -0600 (Thu, 11 Mar 2010) | 1 line

  remove executable property from doc files
........
  r78842 | benjamin.peterson | 2010-03-11 15:53:25 -0600 (Thu, 11 Mar 2010) | 1 line

  use proper shebang lines
........
2010-03-11 21:55:56 +00:00
Philip Jenvey
a394f2dca3 #4351: more appropriate DeprecationWarning stacklevels 2009-05-08 03:57:12 +00:00
Fred Drake
9a0a65b524 Merged revisions 67528 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r67528 | fred.drake | 2008-12-04 13:25:17 -0500 (Thu, 04 Dec 2008) | 4 lines

  Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to
  support unusual filenames (such as those containing semi-colons) in
  Content-Disposition headers.
........
2008-12-04 19:24:50 +00:00
Facundo Batista
a27244bfa1 Added a warning filter to don't show the warning during
the tests. Also fixed the warning message in cgi.py
2008-09-09 02:43:19 +00:00
Facundo Batista
c469d4c3aa Issue 600362: Relocated parse_qs() and parse_qsl(), from the cgi module
to the urlparse one.  Added a DeprecationWarning in the old module, it
will be deprecated in the future.  Docs and tests updated.
2008-09-03 22:49:01 +00:00
Benjamin Peterson
dcf97b98ec Merged revisions 64434-64435,64440-64443,64445,64447-64448,64450,64452,64455,64461,64464,64466,64468 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r64434 | andrew.kuchling | 2008-06-20 18:13:58 -0500 (Fri, 20 Jun 2008) | 1 line

  Remove request for e-mail; it's unlikely these classes will be saved
........
  r64435 | andrew.kuchling | 2008-06-20 18:14:32 -0500 (Fri, 20 Jun 2008) | 1 line

  Grammar fixes
........
  r64440 | andrew.kuchling | 2008-06-21 08:29:12 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring typo
........
  r64441 | andrew.kuchling | 2008-06-21 08:47:20 -0500 (Sat, 21 Jun 2008) | 1 line

  Use repr() for bad input strings; this makes the empty string or binary characters more visible
........
  r64442 | andrew.kuchling | 2008-06-21 08:48:38 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring correction
........
  r64443 | georg.brandl | 2008-06-21 09:26:19 -0500 (Sat, 21 Jun 2008) | 2 lines

  Documentation fix.
........
  r64445 | facundo.batista | 2008-06-21 12:30:06 -0500 (Sat, 21 Jun 2008) | 3 lines


  Reviewed and updated the documentation. Fixes #3017.
........
  r64447 | facundo.batista | 2008-06-21 13:58:04 -0500 (Sat, 21 Jun 2008) | 6 lines


  Now a from submitted via POST that also has a query string
  will contain both FieldStorage and MiniFieldStorage items.

  Fixes #1817.
........
  r64448 | facundo.batista | 2008-06-21 14:48:19 -0500 (Sat, 21 Jun 2008) | 5 lines


  In the deprecated functions I added an alert to review
  specially a section of the subprocess documentation
  that helps with the replacing of those functionss.
........
  r64450 | georg.brandl | 2008-06-22 04:05:29 -0500 (Sun, 22 Jun 2008) | 2 lines

  Turn section references into proper cross-references.
........
  r64452 | facundo.batista | 2008-06-22 08:36:20 -0500 (Sun, 22 Jun 2008) | 5 lines


  Issue #2722. Now the char buffer to support the path string has
  not fixed length, it mallocs memory if needed. As a result, we
  don't have a maximum for the getcwd() method.
........
  r64455 | facundo.batista | 2008-06-22 10:27:10 -0500 (Sun, 22 Jun 2008) | 4 lines


  Issue 3164. Small fix to don't repeat a comparation
  without necessity.
........
  r64461 | georg.brandl | 2008-06-22 13:11:52 -0500 (Sun, 22 Jun 2008) | 2 lines

  #3085: Fix syntax error.
........
  r64464 | georg.brandl | 2008-06-22 13:31:54 -0500 (Sun, 22 Jun 2008) | 2 lines

  Expand docstrings of sqlite3 functions.
........
  r64466 | georg.brandl | 2008-06-22 14:07:59 -0500 (Sun, 22 Jun 2008) | 2 lines

  Write out "phi" consistently.
........
  r64468 | facundo.batista | 2008-06-22 14:35:24 -0500 (Sun, 22 Jun 2008) | 4 lines


  Just returning nothing instead of rising TestSkipped, because
  it makes the test fail in the trunk.loewis-sun buildbot.
........
2008-07-02 17:30:14 +00:00
Jeremy Hylton
1afc169616 Make a new urllib package .
It consists of code from urllib, urllib2, urlparse, and robotparser.
The old modules have all been removed.  The new package has five
submodules: urllib.parse, urllib.request, urllib.response,
urllib.error, and urllib.robotparser.  The urllib.request.urlopen()
function uses the url opener from urllib2.

Note that the unittests have not been renamed for the
beta, but they will be renamed in the future.

Joint work with Senthil Kumaran.
2008-06-18 20:49:58 +00:00
Benjamin Peterson
ab82a97b73 remove a mimetools import 2008-06-12 17:36:10 +00:00
Barry Warsaw
820c120059 Patch for issue 2848, mostly by Humberto Diogenes, with a couple of
small fixes by Barry.  This removes mimetools from the stdlib.
2008-06-12 04:06:45 +00:00
Barry Warsaw
596097e0bc Patch by Humberto Diogenes for issue 2849, removing rfc822 module from
the standard library.  There are still a few cases of it in Demo and
Tools, but that's fine for now.  These should eventually get cleaned
up.  mimetools still has an import of rfc822, but mimetools itself
should go away.
2008-06-12 02:38:51 +00:00
Georg Brandl
49d1b4f919 Remove old backwards-compatibility classes from the cgi module. 2008-05-11 21:42:51 +00:00