Commit Graph

74 Commits

Author SHA1 Message Date
Christian Sattler e6fe10d340
bpo-45874: Handle empty query string correctly in urllib.parse.parse_qsl (#29716) 2021-12-12 10:41:12 +02:00
Inada Naoki e52ab42ced
bpo-41139: Deprecate `cgi.log()` (GH-25625) 2021-04-29 11:36:04 +09:00
Adam Goldschmidt fcbe0cb04d
bpo-42967: only use '&' as a query string separator (#24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().

urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator.


Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>
2021-02-14 14:41:57 -08:00
Victor Stinner fbf43f051e
bpo-41521: Rename blacklist parameter to not_exported (GH-21824)
Rename "blacklist" parameter of test.support.check__all__() to
"not_exported".
2020-08-17 07:20:40 +02:00
roger d8cf3514dd
bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)
In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
2020-06-15 07:58:54 -07:00
Pierre Quentel 2d7cacacc3 bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (#10638)
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header

* Add Misc/NEWS.d/next file.

* Add rst formatting for NEWS.d/next file

* Reaplce assert by self.assertEqual
2019-09-11 12:05:53 +01:00
Victor Stinner 8f4ef3b019
Remove unused imports in tests (GH-14518) 2019-07-01 18:28:25 +02:00
matthewbelisle-wf b79b5c0949 bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
2018-10-23 01:14:35 -07:00
matthewbelisle-wf 209144831b bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
2018-10-19 03:52:59 -07:00
INADA Naoki 698865dcbb
bpo-33843: Remove deprecated stuff in cgi module (GH-7662) 2018-06-19 17:28:50 +09:00
Amber Brown 545c955be9 bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) 2018-05-14 18:11:55 -04:00
Pierre Quentel cc3fa204d3 bpo-29979: Rewrite cgi.parse_multipart to make it consistent with FieldStorage (#991) 2017-05-08 05:08:34 -07:00
R David Murray 44b548dda8 #27364: fix "incorrect" uses of escape character in the stdlib.
And most of the tools.

Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Martin Panter 1cd2772246 Issue #27105: Add cgi.test() to __all__, based on Jacek Kołodziej’s patch 2016-06-06 01:53:28 +00:00
Victor Stinner 1e26dc7ef6 (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:23:16 -07:00
Victor Stinner 6579459d4b cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:21:10 -07:00
Benjamin Peterson 0deefd5a94 merge 3.4 (#23801) 2015-03-29 16:45:19 -04:00
Donald Stufft d90f8d10e0 Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage 2015-03-29 16:43:23 -04:00
Serhiy Storchaka 5fd174a78d Use os.devnull instead of hardcoded '/dev/null'. 2015-02-15 14:03:11 +02:00
Serhiy Storchaka 85c3033670 Use os.devnull instead of hardcoded '/dev/null'. 2015-02-15 13:58:23 +02:00
Berker Peksag bf5e9604cc Issue #20289: cgi.FieldStorage() now supports the context management protocol. 2015-02-06 10:21:37 +02:00
Serhiy Storchaka 25d8aeac7c Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:50:08 +02:00
Senthil Kumaran b4cbb92fbe Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:20:16 -08:00
Florent Xicluna 331c3fd874 Issue #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:44:28 +02:00
Serhiy Storchaka c7bfe0e42e Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:34:41 +03:00
Senthil Kumaran c1a7c565aa merge from 3.2
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:00:26 -08:00
Senthil Kumaran 6b102f251f Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 02:50:15 -08:00
Brett Cannon 8f79dd5d7c Silence DeprecationWarning for cgi.escape() usage in test_cgi. 2012-04-25 20:49:19 -04:00
Senthil Kumaran 19b114b818 merge to 3.3 - Fix closes Issue14281 - Test for cgi.escape by Brian Landers 2012-03-13 01:51:20 -07:00
Senthil Kumaran 47b5ddb9cf 3.2 - Fix closes Issue14281 - Test for cgi.escape by Brian Landers 2012-03-13 01:50:27 -07:00
Senthil Kumaran 294c231aa5 default - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:06:59 +08:00
Senthil Kumaran 1ef0c0349e 3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:05:44 +08:00
Victor Stinner d33344a030 Add cgi.closelog() function to close the log file 2011-07-14 22:28:36 +02:00
Ezio Melotti 7ebb706133 Restore the global state of the log vars, so that test_cgi can be run twice without failures. 2011-07-14 15:18:57 +03:00
Victor Stinner f0e293cbcd Merged revisions 88700 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88700 | victor.stinner | 2011-03-02 00:08:36 +0100 (mer., 02 mars 2011) | 3 lines

  Issue #10911: Add tests on CGI with non-ASCII characters

  Patch written by Pierre Quentel
........
2011-03-01 23:09:57 +00:00
Brett Cannon 64c9af1508 Merged revisions 88496 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88496 | brett.cannon | 2011-02-21 19:14:12 -0800 (Mon, 21 Feb 2011) | 4 lines

  Issue #10512: close the log file in cgi when running tests.

  Thanks to Nadeem Vawda for the find and an initial fix.
........
2011-02-22 03:16:07 +00:00
Victor Stinner 5c23b8e6ea Issue #4953: cgi.FieldStorage and cgi.parse() parse the request as bytes, not
as unicode, and accept binary files. Add encoding and errors attributes to
cgi.FieldStorage.
2011-01-14 13:05:21 +00:00
Ezio Melotti 263cbdfdfb Use assertCountEqual instead of assertItemsEqual 2010-11-29 02:02:10 +00:00
Ezio Melotti b3aedd4862 #9424: Replace deprecated assert* methods in the Python test suite. 2010-11-20 19:04:17 +00:00
Benjamin Peterson 807a5a1652 close files properly 2010-10-30 22:59:37 +00:00
Michael Foord abd91d5f2c Issue 7832. Document changes to unittest.TestCase.assertSameElements and assertItemsEqual 2010-03-20 18:09:14 +00:00
Florent Xicluna 8fbddf15ea Merged revisions 79030-79032 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79030 | florent.xicluna | 2010-03-17 20:05:04 +0100 (mer, 17 mar 2010) | 2 lines

  Cleanup in test_import and test_coding.
........
  r79031 | florent.xicluna | 2010-03-17 20:15:56 +0100 (mer, 17 mar 2010) | 2 lines

  Cleanup some test cases using check_warnings and check_py3k_warnings.
........
  r79032 | florent.xicluna | 2010-03-17 21:05:11 +0100 (mer, 17 mar 2010) | 2 lines

  Fix and check cgi module deprecation warnings.  Revert an unwanted rename in test_import.
........
2010-03-17 20:29:51 +00:00
Benjamin Peterson 577473fe68 use assert[Not]In where appropriate
A patch from Dave Malcolm.
2010-01-19 00:09:57 +00:00
Benjamin Peterson c9c0f201fe convert old fail* assertions to assert* 2009-06-30 23:06:06 +00:00
Fred Drake 9a0a65b524 Merged revisions 67528 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r67528 | fred.drake | 2008-12-04 13:25:17 -0500 (Thu, 04 Dec 2008) | 4 lines

  Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to
  support unusual filenames (such as those containing semi-colons) in
  Content-Disposition headers.
........
2008-12-04 19:24:50 +00:00
Facundo Batista a27244bfa1 Added a warning filter to don't show the warning during
the tests. Also fixed the warning message in cgi.py
2008-09-09 02:43:19 +00:00
Facundo Batista bd18fd6710 Added sanity checks for the deprecated parse_qs() and
parse_qsl() functions in cgi module.
2008-09-08 00:23:29 +00:00
Facundo Batista c469d4c3aa Issue 600362: Relocated parse_qs() and parse_qsl(), from the cgi module
to the urlparse one.  Added a DeprecationWarning in the old module, it
will be deprecated in the future.  Docs and tests updated.
2008-09-03 22:49:01 +00:00
Guido van Rossum 52dbbb9068 - Issue #3300: make urllib.parse.[un]quote() default to UTF-8.
Code contributed by Matt Giuca.  quote() now encodes the input
  before quoting, unquote() decodes after unquoting.  There are
  new arguments to change the encoding and errors settings.
  There are also new APIs to skip the encode/decode steps.
  [un]quote_plus() are also affected.
2008-08-18 21:44:30 +00:00
Benjamin Peterson dcf97b98ec Merged revisions 64434-64435,64440-64443,64445,64447-64448,64450,64452,64455,64461,64464,64466,64468 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r64434 | andrew.kuchling | 2008-06-20 18:13:58 -0500 (Fri, 20 Jun 2008) | 1 line

  Remove request for e-mail; it's unlikely these classes will be saved
........
  r64435 | andrew.kuchling | 2008-06-20 18:14:32 -0500 (Fri, 20 Jun 2008) | 1 line

  Grammar fixes
........
  r64440 | andrew.kuchling | 2008-06-21 08:29:12 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring typo
........
  r64441 | andrew.kuchling | 2008-06-21 08:47:20 -0500 (Sat, 21 Jun 2008) | 1 line

  Use repr() for bad input strings; this makes the empty string or binary characters more visible
........
  r64442 | andrew.kuchling | 2008-06-21 08:48:38 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring correction
........
  r64443 | georg.brandl | 2008-06-21 09:26:19 -0500 (Sat, 21 Jun 2008) | 2 lines

  Documentation fix.
........
  r64445 | facundo.batista | 2008-06-21 12:30:06 -0500 (Sat, 21 Jun 2008) | 3 lines


  Reviewed and updated the documentation. Fixes #3017.
........
  r64447 | facundo.batista | 2008-06-21 13:58:04 -0500 (Sat, 21 Jun 2008) | 6 lines


  Now a from submitted via POST that also has a query string
  will contain both FieldStorage and MiniFieldStorage items.

  Fixes #1817.
........
  r64448 | facundo.batista | 2008-06-21 14:48:19 -0500 (Sat, 21 Jun 2008) | 5 lines


  In the deprecated functions I added an alert to review
  specially a section of the subprocess documentation
  that helps with the replacing of those functionss.
........
  r64450 | georg.brandl | 2008-06-22 04:05:29 -0500 (Sun, 22 Jun 2008) | 2 lines

  Turn section references into proper cross-references.
........
  r64452 | facundo.batista | 2008-06-22 08:36:20 -0500 (Sun, 22 Jun 2008) | 5 lines


  Issue #2722. Now the char buffer to support the path string has
  not fixed length, it mallocs memory if needed. As a result, we
  don't have a maximum for the getcwd() method.
........
  r64455 | facundo.batista | 2008-06-22 10:27:10 -0500 (Sun, 22 Jun 2008) | 4 lines


  Issue 3164. Small fix to don't repeat a comparation
  without necessity.
........
  r64461 | georg.brandl | 2008-06-22 13:11:52 -0500 (Sun, 22 Jun 2008) | 2 lines

  #3085: Fix syntax error.
........
  r64464 | georg.brandl | 2008-06-22 13:31:54 -0500 (Sun, 22 Jun 2008) | 2 lines

  Expand docstrings of sqlite3 functions.
........
  r64466 | georg.brandl | 2008-06-22 14:07:59 -0500 (Sun, 22 Jun 2008) | 2 lines

  Write out "phi" consistently.
........
  r64468 | facundo.batista | 2008-06-22 14:35:24 -0500 (Sun, 22 Jun 2008) | 4 lines


  Just returning nothing instead of rising TestSkipped, because
  it makes the test fail in the trunk.loewis-sun buildbot.
........
2008-07-02 17:30:14 +00:00