cgi, parse_header and semi-colon

Sylvain sylvain.vivien at
Sat Jun 7 09:49:41 CEST 2008

On Jun 6, 5:33 pm, "Richard Brodie" <R.Bro... at> wrote:
> "Sylvain" <sylvain.viv... at> wrote in message
> news:b80af57f-897d-4fd1-bebc-df0782143314 at
> > If we upload a file with a semi-colon (i.e : "C:/my;file.jpg") :
> > cgi.FieldStorage.filename returns only "my" everything after the semi-
> > colon is missing
> > Is it a bug or i'm missing something ?
> I doubt it's bug inparse_header, since it's meant to split on
> semicolons. Whether it's a bug in one of its callers, or the client
> not escaping sufficiently, I couldn't say offhand.

I've printed the filename in the content-disposition header :

If you look at the about "content-
disposition" :

"A short parameter value containing only ASCII characters, but
including `tspecials' characters, SHOULD be represented as `quoted-

So my header is correct but i think there is clearly a bug in the
parse_header and "content-disposition" should not be "splitted" only
with the split(';') method but should look at quoted-string too.


More information about the Python-list mailing list