[issue21705] cgi.py: Multipart with more than one file is misparsed
Matthias Urlichs
report at bugs.python.org
Tue Jun 10 13:57:04 CEST 2014
New submission from Matthias Urlichs:
This code in cgi.py makes no sense whatsoever:
842 if line.endswith(b"--") and last_line_lfend:
843 strippedline = line.strip()
844 if strippedline == next_boundary:
845 break
846 if strippedline == last_boundary:
847 self.done = 1
848 break
(Pdb) p next_boundary
b'--testdata'
(Pdb) p last_boundary
b'--testdata--'
(Pdb)
The net effect of this is that parsing a multipart with more than one file in it is impossible, as the first file's reader will gobble up the remainder of the input.
Patch attached.
I guess it's a safe bet that no sane person even uses cgi.py any more, otherwise this would have been discovered a bit sooner.
----------
components: Library (Lib)
files: cgi.patch2
messages: 220164
nosy: smurfix
priority: normal
severity: normal
status: open
title: cgi.py: Multipart with more than one file is misparsed
type: behavior
versions: Python 3.3, Python 3.4, Python 3.5
Added file: http://bugs.python.org/file35552/cgi.patch2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21705>
_______________________________________
More information about the Python-bugs-list
mailing list