diff --git a/Lib/cgi.py b/Lib/cgi.py index 33b91bfbd23..0bb5b8eaf1d 100755 --- a/Lib/cgi.py +++ b/Lib/cgi.py @@ -289,16 +289,28 @@ def parse_multipart(fp, pdict): return partdict +def _parseparam(s): + while s[:1] == ';': + s = s[1:] + end = s.find(';') + while end > 0 and s.count('"', 0, end) % 2: + end = s.find(';', end + 1) + if end < 0: + end = len(s) + f = s[:end] + yield f.strip() + s = s[end:] + def parse_header(line): """Parse a Content-type like header. Return the main content-type and a dictionary of options. """ - plist = [x.strip() for x in line.split(';')] - key = plist.pop(0).lower() + parts = _parseparam(';' + line) + key = parts.next() pdict = {} - for p in plist: + for p in parts: i = p.find('=') if i >= 0: name = p[:i].strip().lower() diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index fa1d37fceb8..800f6291c66 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -354,6 +354,32 @@ this is the content of the fake file self.assertEqual([('a', 'A1'), ('b', 'B2'), ('B', 'B3')], cgi.parse_qsl('a=A1&b=B2&B=B3')) + def test_parse_header(self): + self.assertEqual( + cgi.parse_header("text/plain"), + ("text/plain", {})) + self.assertEqual( + cgi.parse_header("text/vnd.just.made.this.up ; "), + ("text/vnd.just.made.this.up", {})) + self.assertEqual( + cgi.parse_header("text/plain;charset=us-ascii"), + ("text/plain", {"charset": "us-ascii"})) + self.assertEqual( + cgi.parse_header('text/plain ; charset="us-ascii"'), + ("text/plain", {"charset": "us-ascii"})) + self.assertEqual( + cgi.parse_header('text/plain ; charset="us-ascii"; another=opt'), + ("text/plain", {"charset": "us-ascii", "another": "opt"})) + self.assertEqual( + cgi.parse_header('attachment; filename="silly.txt"'), + ("attachment", {"filename": "silly.txt"})) + self.assertEqual( + cgi.parse_header('attachment; filename="strange;name"'), + ("attachment", {"filename": "strange;name"})) + self.assertEqual( + cgi.parse_header('attachment; filename="strange;name";size=123;'), + ("attachment", {"filename": "strange;name", "size": "123"})) + def test_main(): run_unittest(CgiTests) diff --git a/Misc/NEWS b/Misc/NEWS index 78578e30595..300c8191811 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -60,6 +60,10 @@ Core and Builtins Library ------- +- Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to + support unusual filenames (such as those containing semi-colons) in + Content-Disposition headers. + - Issue #4384: Added integration with warnings module using captureWarnings(). This change includes a NullHandler which does nothing; it will be of use to library developers who want to avoid the "No handlers could be found for