<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>WSGI and readline(size) support (was: WSGI type tolerance)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Phillip J. Eby wrote:<BR>
> Oops. I just noticed that the ticket was about<BR>
> response headers, not CGI variables.<BR>
> ...<BR>
> I'll add:<BR>
> """Each ``header_name`` and ``header_value`` **must** be of StringType."""<BR>
<BR>
Great! Thanks very much. I'll have CherryPy deny non-strings.<BR>
<BR>
> I think I should also add some language regarding<BR>
> wsgiref in the stdlib, the importance of using<BR>
> wsgiref.validate, and a recommendation that servers<BR>
> not be any more "liberal in what they accept" than<BR>
> what the spec allows.<BR>
<BR>
Thanks for the tip. I've just run CherryPy's test suite through the validator, and discovered a conflict that could bite a lot of people soon.<BR>
<BR>
PEP 333 does not support the size argument to wsgi.input.readline(), stating that, "the optional "size" argument to readline() is not supported, as it may be complex for server authors to implement, and is not often used in practice."<BR>
<BR>
However, Python 2.5rc1 has fixed a DoS bug in cgi.FieldStorage by using readline(1<<16). See <A HREF="http://sourceforge.net/tracker/?func=detail&aid=1112549&group_id=5470&atid=105470">http://sourceforge.net/tracker/?func=detail&aid=1112549&group_id=5470&atid=105470</A>. CherryPy has had this patched for a year or so: <A HREF="http://www.cherrypy.org/ticket/127">http://www.cherrypy.org/ticket/127</A><BR>
<BR>
Now that wsgiref is in the stdlib, we should really fix either it or the cgi module so that there's no conflict. It may be "complex for server authors to implement" readline(size) support, but it's even more complex for application authors to re-implement FieldStorage. ;) For what it's worth, there was zero work to have CherryPy support readline(size); it's automatically provided by socket.makefile.<BR>
<BR>
<BR>
Robert Brewer<BR>
System Architect<BR>
Amor Ministries<BR>
fumanchu@amor.org</FONT>
</P>
</BODY>
</HTML>