Commit Graph

153 Commits

Author SHA1 Message Date
Brett Cannon
cd29bd13ef
bpo-47061: deprecate cgi and cgitb (GH-32410)
Part of PEP 594.
2022-04-08 17:15:35 -07:00
Hugo van Kemenade
6c4e44ef8a
bpo-23952: Document cgi module's maxlen variable (GH-30338) 2022-02-06 05:59:32 -08:00
Inada Naoki
e52ab42ced
bpo-41139: Deprecate cgi.log() (GH-25625) 2021-04-29 11:36:04 +09:00
Adam Goldschmidt
fcbe0cb04d
bpo-42967: only use '&' as a query string separator (#24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().

urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator.


Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>
2021-02-14 14:41:57 -08:00
Mike Lei
c143cc379c
Correct referenced RFC number in cgi module (GH-22827)
The quoted sentence can be found from the last paragraph of RFC 2046, Section 5.1, while the content of RFC 2026 is unrelated to this module.
2020-12-16 17:34:19 -08:00
roger
d8cf3514dd
bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)
In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
2020-06-15 07:58:54 -07:00
Pierre Quentel
2d7cacacc3 bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (#10638)
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header

* Add Misc/NEWS.d/next file.

* Add rst formatting for NEWS.d/next file

* Reaplce assert by self.assertEqual
2019-09-11 12:05:53 +01:00
matthewbelisle-wf
b79b5c0949 bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
2018-10-23 01:14:35 -07:00
matthewbelisle-wf
209144831b bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
2018-10-19 03:52:59 -07:00
INADA Naoki
698865dcbb
bpo-33843: Remove deprecated stuff in cgi module (GH-7662) 2018-06-19 17:28:50 +09:00
Amber Brown
545c955be9 bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) 2018-05-14 18:11:55 -04:00
Pierre Quentel
cc3fa204d3 bpo-29979: Rewrite cgi.parse_multipart to make it consistent with FieldStorage (#991) 2017-05-08 05:08:34 -07:00
Serhiy Storchaka
2e576f5aec bpo-30144: Import collections ABC from collections.abc rather than collections. (#1263) 2017-04-24 09:05:00 +03:00
Martin Panter
1cd2772246 Issue #27105: Add cgi.test() to __all__, based on Jacek Kołodziej’s patch 2016-06-06 01:53:28 +00:00
Martin Panter
46f50726a0 Issue #27076: Doc, comment and tests spelling fixes
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Victor Stinner
1e26dc7ef6 (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:23:16 -07:00
Victor Stinner
6579459d4b cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:21:10 -07:00
Benjamin Peterson
0deefd5a94 merge 3.4 (#23801) 2015-03-29 16:45:19 -04:00
Donald Stufft
d90f8d10e0 Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage 2015-03-29 16:43:23 -04:00
Berker Peksag
bf5e9604cc Issue #20289: cgi.FieldStorage() now supports the context management protocol. 2015-02-06 10:21:37 +02:00
Benjamin Peterson
4d59a78786 remove unused argument (closes #21135) 2014-04-03 10:22:10 -04:00
Senthil Kumaran
d87346c0ce merge from 3.3
Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:22:21 -08:00
Senthil Kumaran
b4cbb92fbe Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:20:16 -08:00
Georg Brandl
12ec29f105 Closes #17335: remove no-op assignment. 2013-10-13 22:16:48 +02:00
Brett Cannon
f79126f373 Issue #18394: Explicitly close the file object cgi.FieldStorage
caches.

Eliminates the ResoureWarning raised during testing.

Patch also independently written by Vajrasky Kok.
2013-08-23 15:15:48 -04:00
Florent Xicluna
74a146d3ac Merge #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:46:28 +02:00
Florent Xicluna
331c3fd874 Issue #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:44:28 +02:00
Serhiy Storchaka
774bed7e60 Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:36:20 +03:00
Serhiy Storchaka
c7bfe0e42e Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:34:41 +03:00
Senthil Kumaran
42d8773df4 merge from 3.3
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:01:23 -08:00
Senthil Kumaran
c1a7c565aa merge from 3.2
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:00:26 -08:00
Senthil Kumaran
6b102f251f Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 02:50:15 -08:00
Andrew Svetlov
f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Andrew Svetlov
8b33dd8e54 Use OESeeror instead of os.error (#16720)
Patch by Serhiy Storchaka.
2012-12-24 19:58:48 +02:00
Andrew Svetlov
ad28c7f9da Issue #16706: get rid of os.error 2012-12-18 22:02:39 +02:00
Florent Xicluna
67317750af Issue #13248: turn 3.2's PendingDeprecationWarning into 3.3's DeprecationWarning (cgi, importlib, nntplib, smtpd). 2011-12-10 11:07:42 +01:00
Senthil Kumaran
294c231aa5 default - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:06:59 +08:00
Senthil Kumaran
1ef0c0349e 3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:05:44 +08:00
Victor Stinner
d33344a030 Add cgi.closelog() function to close the log file 2011-07-14 22:28:36 +02:00
Victor Stinner
f1c7ca93c1 cgi: use isinstance(x, list) instead of type(x) == type([]) 2011-01-14 13:08:27 +00:00
Victor Stinner
5c23b8e6ea Issue #4953: cgi.FieldStorage and cgi.parse() parse the request as bytes, not
as unicode, and accept binary files. Add encoding and errors attributes to
cgi.FieldStorage.
2011-01-14 13:05:21 +00:00
Georg Brandl
1f7fffb308 #2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00
Senthil Kumaran
30e86a4767 Fix Issue7007 - Use percent-encoded consistently instead of URL Encoded variations. Changes in Modules. 2010-08-09 20:01:35 +00:00
Benjamin Peterson
8c703a0ba6 Merged revisions 78844 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78844 | benjamin.peterson | 2010-03-11 16:03:45 -0600 (Thu, 11 Mar 2010) | 1 line

  revert r78842 cgi.py change
........
2010-03-11 22:05:58 +00:00
Benjamin Peterson
894197d9f1 Merged revisions 78841-78842 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78841 | benjamin.peterson | 2010-03-11 15:50:45 -0600 (Thu, 11 Mar 2010) | 1 line

  remove executable property from doc files
........
  r78842 | benjamin.peterson | 2010-03-11 15:53:25 -0600 (Thu, 11 Mar 2010) | 1 line

  use proper shebang lines
........
2010-03-11 21:55:56 +00:00
Philip Jenvey
a394f2dca3 #4351: more appropriate DeprecationWarning stacklevels 2009-05-08 03:57:12 +00:00
Fred Drake
9a0a65b524 Merged revisions 67528 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r67528 | fred.drake | 2008-12-04 13:25:17 -0500 (Thu, 04 Dec 2008) | 4 lines

  Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to
  support unusual filenames (such as those containing semi-colons) in
  Content-Disposition headers.
........
2008-12-04 19:24:50 +00:00
Facundo Batista
a27244bfa1 Added a warning filter to don't show the warning during
the tests. Also fixed the warning message in cgi.py
2008-09-09 02:43:19 +00:00
Facundo Batista
c469d4c3aa Issue 600362: Relocated parse_qs() and parse_qsl(), from the cgi module
to the urlparse one.  Added a DeprecationWarning in the old module, it
will be deprecated in the future.  Docs and tests updated.
2008-09-03 22:49:01 +00:00
Benjamin Peterson
dcf97b98ec Merged revisions 64434-64435,64440-64443,64445,64447-64448,64450,64452,64455,64461,64464,64466,64468 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r64434 | andrew.kuchling | 2008-06-20 18:13:58 -0500 (Fri, 20 Jun 2008) | 1 line

  Remove request for e-mail; it's unlikely these classes will be saved
........
  r64435 | andrew.kuchling | 2008-06-20 18:14:32 -0500 (Fri, 20 Jun 2008) | 1 line

  Grammar fixes
........
  r64440 | andrew.kuchling | 2008-06-21 08:29:12 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring typo
........
  r64441 | andrew.kuchling | 2008-06-21 08:47:20 -0500 (Sat, 21 Jun 2008) | 1 line

  Use repr() for bad input strings; this makes the empty string or binary characters more visible
........
  r64442 | andrew.kuchling | 2008-06-21 08:48:38 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring correction
........
  r64443 | georg.brandl | 2008-06-21 09:26:19 -0500 (Sat, 21 Jun 2008) | 2 lines

  Documentation fix.
........
  r64445 | facundo.batista | 2008-06-21 12:30:06 -0500 (Sat, 21 Jun 2008) | 3 lines


  Reviewed and updated the documentation. Fixes #3017.
........
  r64447 | facundo.batista | 2008-06-21 13:58:04 -0500 (Sat, 21 Jun 2008) | 6 lines


  Now a from submitted via POST that also has a query string
  will contain both FieldStorage and MiniFieldStorage items.

  Fixes #1817.
........
  r64448 | facundo.batista | 2008-06-21 14:48:19 -0500 (Sat, 21 Jun 2008) | 5 lines


  In the deprecated functions I added an alert to review
  specially a section of the subprocess documentation
  that helps with the replacing of those functionss.
........
  r64450 | georg.brandl | 2008-06-22 04:05:29 -0500 (Sun, 22 Jun 2008) | 2 lines

  Turn section references into proper cross-references.
........
  r64452 | facundo.batista | 2008-06-22 08:36:20 -0500 (Sun, 22 Jun 2008) | 5 lines


  Issue #2722. Now the char buffer to support the path string has
  not fixed length, it mallocs memory if needed. As a result, we
  don't have a maximum for the getcwd() method.
........
  r64455 | facundo.batista | 2008-06-22 10:27:10 -0500 (Sun, 22 Jun 2008) | 4 lines


  Issue 3164. Small fix to don't repeat a comparation
  without necessity.
........
  r64461 | georg.brandl | 2008-06-22 13:11:52 -0500 (Sun, 22 Jun 2008) | 2 lines

  #3085: Fix syntax error.
........
  r64464 | georg.brandl | 2008-06-22 13:31:54 -0500 (Sun, 22 Jun 2008) | 2 lines

  Expand docstrings of sqlite3 functions.
........
  r64466 | georg.brandl | 2008-06-22 14:07:59 -0500 (Sun, 22 Jun 2008) | 2 lines

  Write out "phi" consistently.
........
  r64468 | facundo.batista | 2008-06-22 14:35:24 -0500 (Sun, 22 Jun 2008) | 4 lines


  Just returning nothing instead of rising TestSkipped, because
  it makes the test fail in the trunk.loewis-sun buildbot.
........
2008-07-02 17:30:14 +00:00