[Python-bugs-list] [ python-Bugs-411612 ] cgi.py sometimes ignores QUERY_STRING

noreply@sourceforge.net noreply@sourceforge.net
Tue, 10 Apr 2001 13:09:37 -0700


Bugs item #411612, was updated on 2001-03-27 03:58
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=411612&group_id=5470

Category: Python Library
Group: None
Status: Open
>Priority: 3
Submitted By: Viktor Fougstedt (viktordt)
Assigned to: Nobody/Anonymous (nobody)
Summary: cgi.py sometimes ignores QUERY_STRING

Initial Comment:
[Using Python 2.0/Sparc Solaris 8, should be
independent of operating system]

cgi.py sometimes ignores the QUERY_STRING when
REQUEST_METHOD is POST.

The CGI specifications says nothing about how programs
should respond to this particular combination. It does
however state that QUERY_STRING should always be set by
the server, regardless of the request method. Since
QUERY_STRING is set, it seems reasonable that the cgi
module should parse it as well and not just ignore it. 

If cgi.py intentionally ignores QUERY_STRING under
these circumstances, I think it should be documented.
:-)

What this means is that if i have a HTML form a'la

<form action="/cgi-bin/some_cgi?foo=foo">
  <input type="text" name="bar">
  <input type="submit">
</form>

and some_cgi is a python script using cgi.py, I should
get both foo and bar set. Currently, the QUERY_STRING
(i.e. "foo=foo") is ignored, and only bar gets set by
cgi.py.

I consider this a "bug" insofar as it is an unexpected
and somewhat inconsistent behaviour. If I e.g. use the
url "/cgi-bin/myprog/session_id=10023" everywhere in my
program, I must suddenly alter it if the URL is used in
a FORM action attribute, and instead insert a hidden
variable called session_id into the form to get cgi.py
to parse it.

The parse() function in cgi.py correctly checks and
appends QUERY_STRING if it is set. But the FieldStorage
read_urlencoded() method does not, and that is the
function that is actually used, not cgi.parse().

The fix should be to add two lines (marked with '>'
below) after the initial assignment to qs in the
read_urlencoded() method of the FieldStorage class so
that it begins:

    def read_urlencoded(self):
        """Internal: read data in query string
format."""
        qs = self.fp.read(self.length)
        if os.environ.has_key('QUERY_STRING'):
            if qs: qs = qs + '&'
            qs = qs + environ['QUERY_STRING']

(the three last lines are new, and identical to the
three lines in the cgi.parse() function which
accomplishes the same task).




----------------------------------------------------------------------

Comment By: Guido van Rossum (gvanrossum)
Date: 2001-04-10 08:30

Message:
Logged In: YES 
user_id=6380

The idea is right, but since nobody volunteered a working
patch, this won't make it into 2.1.  Sorry.  Try again after
2.1!

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2001-03-27 04:23

Message:
Logged In: NO 

Quick check: That "fix" does not work. It duplicates
the QUERY_STRING if you use the GET method. Additional
checks are necessary to ensure correct operation.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=411612&group_id=5470