[Python-checkins] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)

Miss Islington (bot) webhook-mailer at python.org
Mon Jun 15 11:51:40 EDT 2020 

https://github.com/python/cpython/commit/c72b7f703eec45c1f4006bf5f65092daedaec46e
commit: c72b7f703eec45c1f4006bf5f65092daedaec46e
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-06-15T08:51:35-07:00
summary:

bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)


In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
(cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95)

Co-authored-by: roger <rogerduran at gmail.com>

files:
A Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
M Lib/cgi.py
M Lib/test/test_cgi.py

diff --git a/Lib/cgi.py b/Lib/cgi.py
index c22c71b387851..77ab703cc0360 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -200,7 +200,10 @@ def parse_multipart(fp, pdict, encoding="utf-8", errors="replace"):
     ctype = "multipart/form-data; boundary={}".format(boundary)
     headers = Message()
     headers.set_type(ctype)
-    headers['Content-Length'] = pdict['CONTENT-LENGTH']
+    try:
+        headers['Content-Length'] = pdict['CONTENT-LENGTH']
+    except KeyError:
+        pass
     fs = FieldStorage(fp, headers=headers, encoding=encoding, errors=errors,
         environ={'REQUEST_METHOD': 'POST'})
     return {k: fs.getlist(k) for k in fs}
@@ -736,7 +739,8 @@ def read_lines_to_outerboundary(self):
         last_line_lfend = True
         _read = 0
         while 1:
-            if self.limit is not None and _read >= self.limit:
+
+            if self.limit is not None and 0 <= self.limit <= _read:
                 break
             line = self.fp.readline(1<<16) # bytes
             self.bytes_read += len(line)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index ab8677199f32e..101942de947fb 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -128,6 +128,20 @@ def test_parse_multipart(self):
                     'file': [b'Testing 123.\n'], 'title': ['']}
         self.assertEqual(result, expected)
 
+    def test_parse_multipart_without_content_length(self):
+        POSTDATA = '''--JfISa01
+Content-Disposition: form-data; name="submit-name"
+
+just a string
+
+--JfISa01--
+'''
+        fp = BytesIO(POSTDATA.encode('latin1'))
+        env = {'boundary': 'JfISa01'.encode('latin1')}
+        result = cgi.parse_multipart(fp, env)
+        expected = {'submit-name': ['just a string\n']}
+        self.assertEqual(result, expected)
+
     def test_parse_multipart_invalid_encoding(self):
         BOUNDARY = "JfISa01"
         POSTDATA = """--JfISa01
diff --git a/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst b/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
new file mode 100644
index 0000000000000..2656b4bf22ae4
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
@@ -0,0 +1 @@
+Fix `cgi.parse_multipart` without content_length. Patch by Roger Duran

More information about the Python-checkins mailing list