[Python-checkins] bpo-45874: Handle empty query string correctly in urllib.parse.parse_qsl (#29716)
asvetlov
webhook-mailer at python.org
Sun Dec 12 03:41:19 EST 2021
https://github.com/python/cpython/commit/e6fe10d34096a23be7d26271cf6aba429313b01d
commit: e6fe10d34096a23be7d26271cf6aba429313b01d
branch: main
author: Christian Sattler <sattler.christian at gmail.com>
committer: asvetlov <andrew.svetlov at gmail.com>
date: 2021-12-12T10:41:12+02:00
summary:
bpo-45874: Handle empty query string correctly in urllib.parse.parse_qsl (#29716)
files:
A Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst
M Lib/test/test_cgi.py
M Lib/urllib/parse.py
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index c1b893d3fe534..06762f8872a30 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -51,7 +51,7 @@ def do_test(buf, method):
return ComparableException(err)
parse_strict_test_cases = [
- ("", ValueError("bad query field: ''")),
+ ("", {}),
("&", ValueError("bad query field: ''")),
("&&", ValueError("bad query field: ''")),
# Should the next few really be valid?
diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
index bf16d0f42e579..67ba308c409a2 100644
--- a/Lib/urllib/parse.py
+++ b/Lib/urllib/parse.py
@@ -740,12 +740,13 @@ def parse_qsl(qs, keep_blank_values=False, strict_parsing=False,
# is less than max_num_fields. This prevents a memory exhaustion DOS
# attack via post bodies with many fields.
if max_num_fields is not None:
- num_fields = 1 + qs.count(separator)
+ num_fields = 1 + qs.count(separator) if qs else 0
if max_num_fields < num_fields:
raise ValueError('Max number of fields exceeded')
r = []
- for name_value in qs.split(separator):
+ query_args = qs.split(separator) if qs else []
+ for name_value in query_args:
if not name_value and not strict_parsing:
continue
nv = name_value.split('=', 1)
diff --git a/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst
new file mode 100644
index 0000000000000..ef793cf30a80e
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst
@@ -0,0 +1,3 @@
+The empty query string, consisting of no query arguments, is now handled
+correctly in ``urllib.parse.parse_qsl``. This caused problems before when
+strict parsing was enabled.
More information about the Python-checkins
mailing list