[New-bugs-announce] [issue23952] Document the 'maxlen' member of the cgi module

Rob King report at bugs.python.org
Tue Apr 14 19:58:05 CEST 2015


New submission from Rob King:

The cgi module has a global variable, 'maxlen', that specifies the maximum length of a POST request. By default, this limit is 0, meaning an unlimited POST request size.

Having an unlimited default opens up CGI scripts to resource-exhaustion attacks. Setting the maxlen variable to a nonzero integer solves this problem, but this fix is not in the official documentation - neither the reference manual nor the module's docstring.

I would recommend augmenting the module's docstring with the following statement:

"The maxlen variable can be set to an integer indicating the maximum size of a POST request. POST requests larger than this size will result in a ValueError being raised during parsing. The default value of this variable is 0, meaning the request size is unlimited."

----------
messages: 240965
nosy: deadpixi
priority: normal
severity: normal
status: open
title: Document the 'maxlen' member of the cgi module
versions: Python 3.4, Python 3.5, Python 3.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23952>
_______________________________________
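The behaviour described in the report, as an added example that is not part of the original message or of CPython: a CGI-style POST is parsed with `cgi.maxlen` set, and an oversized request is rejected with `ValueError`. The names `parse_post`, `make_request`, `demo` and `MAX_POST_BYTES` are hypothetical and the request bodies are constructed; on interpreters without the `cgi` module (removed in Python 3.13) a hand-written equivalent of the check is used instead.

```python
import io
import warnings
from urllib.parse import parse_qs

try:  # cgi is deprecated since Python 3.11 and removed in 3.13
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        import cgi
except ImportError:
    cgi = None

MAX_POST_BYTES = 64 * 1024  # assumed limit; size it to the largest form expected


def parse_post(environ, stdin, limit=MAX_POST_BYTES):
    """Parse a urlencoded POST body, refusing declared sizes above `limit`."""
    if cgi is not None:
        cgi.maxlen = limit  # module-wide: applies to every later FieldStorage
        form = cgi.FieldStorage(fp=stdin, environ=environ)
        return {key: form.getlist(key) for key in form.keys()}
    # Fallback without cgi: the same Content-Length check done by hand.
    declared = int(environ.get("CONTENT_LENGTH") or 0)
    if limit and declared > limit:
        raise ValueError("Maximum content length exceeded")
    return parse_qs(stdin.read(declared).decode("utf-8"))


def make_request(body):
    """Build a constructed CGI environment and stdin for a POST body."""
    environ = {"REQUEST_METHOD": "POST",
               "CONTENT_TYPE": "application/x-www-form-urlencoded",
               "CONTENT_LENGTH": str(len(body))}
    return environ, io.BytesIO(body)


def demo():
    """Return the parsed small form and whether the 4 KiB body was rejected."""
    small = parse_post(*make_request(b"user=alice&note=hello"), limit=1024)
    try:
        parse_post(*make_request(b"blob=" + b"A" * 4096), limit=1024)
        rejected = False
    except ValueError:
        rejected = True
    return small, rejected


if __name__ == "__main__":
    print(demo())
```

`FieldStorage` compares the declared Content-Length header with `maxlen`, so the limit only takes effect for requests that carry that header.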

