[Python-checkins] bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (GH-10638)
Miss Islington (bot)
webhook-mailer at python.org
Wed Sep 11 08:22:42 EDT 2019
https://github.com/python/cpython/commit/99f0e81f43f64b83e18e8cb2a0b66c53a81a74ab
commit: 99f0e81f43f64b83e18e8cb2a0b66c53a81a74ab
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-09-11T05:22:38-07:00
summary:
bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (GH-10638)
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header
* Add Misc/NEWS.d/next file.
* Add rst formatting for NEWS.d/next file
* Reaplce assert by self.assertEqual
(cherry picked from commit 2d7cacacc310b65b43e7e2de89e7722291dea6a4)
Co-authored-by: Pierre Quentel <pierre.quentel at gmail.com>
files:
A Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst
M Lib/cgi.py
M Lib/test/test_cgi.py
diff --git a/Lib/cgi.py b/Lib/cgi.py
index 8cf668718ded..df84f1fe69cf 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -478,7 +478,7 @@ def __init__(self, fp=None, headers=None, outerboundary=b'',
if maxlen and clen > maxlen:
raise ValueError('Maximum content length exceeded')
self.length = clen
- if self.limit is None and clen:
+ if self.limit is None and clen >= 0:
self.limit = clen
self.list = self.file = None
@@ -659,8 +659,10 @@ def read_multi(self, environ, keep_blank_values, strict_parsing):
if 'content-length' in headers:
del headers['content-length']
+ limit = None if self.limit is None \
+ else self.limit - self.bytes_read
part = klass(self.fp, headers, ib, environ, keep_blank_values,
- strict_parsing,self.limit-self.bytes_read,
+ strict_parsing, limit,
self.encoding, self.errors, max_num_fields)
if max_num_fields is not None:
@@ -751,7 +753,7 @@ def read_lines_to_outerboundary(self):
last_line_lfend = True
_read = 0
while 1:
- if _read >= self.limit:
+ if self.limit is not None and _read >= self.limit:
break
line = self.fp.readline(1<<16) # bytes
self.bytes_read += len(line)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index f4e00c7a72c5..b46be67f7732 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -363,6 +363,23 @@ def test_fieldstorage_part_content_length(self):
self.assertEqual(fs.list[0].name, 'submit-name')
self.assertEqual(fs.list[0].value, 'Larry')
+ def test_field_storage_multipart_no_content_length(self):
+ fp = BytesIO(b"""--MyBoundary
+Content-Disposition: form-data; name="my-arg"; filename="foo"
+
+Test
+
+--MyBoundary--
+""")
+ env = {
+ "REQUEST_METHOD": "POST",
+ "CONTENT_TYPE": "multipart/form-data; boundary=MyBoundary",
+ "wsgi.input": fp,
+ }
+ fields = cgi.FieldStorage(fp, environ=env)
+
+ self.assertEqual(len(fields["my-arg"].file.read()), 5)
+
def test_fieldstorage_as_context_manager(self):
fp = BytesIO(b'x' * 10)
env = {'REQUEST_METHOD': 'PUT'}
diff --git a/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst
new file mode 100644
index 000000000000..726329ad0d65
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst
@@ -0,0 +1,2 @@
+Fixes a bug in :mod:`cgi` module when a multipart/form-data request has no
+`Content-Length` header.
More information about the Python-checkins
mailing list