diff --git a/Lib/cgi.py b/Lib/cgi.py index dda848424af..385a57c4548 100755 --- a/Lib/cgi.py +++ b/Lib/cgi.py @@ -223,17 +223,17 @@ def parse_multipart(fp, pdict): """ import http.client - boundary = "" + boundary = b"" if 'boundary' in pdict: boundary = pdict['boundary'] if not valid_boundary(boundary): raise ValueError('Invalid boundary in multipart form: %r' % (boundary,)) - nextpart = "--" + boundary - lastpart = "--" + boundary + "--" + nextpart = b"--" + boundary + lastpart = b"--" + boundary + b"--" partdict = {} - terminator = "" + terminator = b"" while terminator != lastpart: bytes = -1 @@ -252,7 +252,7 @@ def parse_multipart(fp, pdict): raise ValueError('Maximum content length exceeded') data = fp.read(bytes) else: - data = "" + data = b"" # Read lines until end of part. lines = [] while 1: @@ -260,7 +260,7 @@ def parse_multipart(fp, pdict): if not line: terminator = lastpart # End outer loop break - if line.startswith("--"): + if line.startswith(b"--"): terminator = line.rstrip() if terminator in (nextpart, lastpart): break @@ -272,12 +272,12 @@ def parse_multipart(fp, pdict): if lines: # Strip final line terminator line = lines[-1] - if line[-2:] == "\r\n": + if line[-2:] == b"\r\n": line = line[:-2] - elif line[-1:] == "\n": + elif line[-1:] == b"\n": line = line[:-1] lines[-1] = line - data = "".join(lines) + data = b"".join(lines) line = headers['content-disposition'] if not line: continue diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index 5510a0dccd3..cb28aa8712b 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -5,6 +5,7 @@ import sys import tempfile import unittest import warnings +from collections import namedtuple from io import StringIO, BytesIO class HackedSysModule: @@ -119,6 +120,23 @@ def gen_result(data, environ): class CgiTests(unittest.TestCase): + def test_parse_multipart(self): + fp = BytesIO(POSTDATA.encode('latin1')) + env = {'boundary': BOUNDARY.encode('latin1'), + 'CONTENT-LENGTH': '558'} + result = cgi.parse_multipart(fp, env) + expected = {'submit': [b' Add '], 'id': [b'1234'], + 'file': [b'Testing 123.\n'], 'title': [b'']} + self.assertEqual(result, expected) + + def test_fieldstorage_properties(self): + fs = cgi.FieldStorage() + self.assertFalse(fs) + self.assertIn("FieldStorage", repr(fs)) + self.assertEqual(list(fs), list(fs.keys())) + fs.list.append(namedtuple('MockFieldStorage', 'name')('fieldvalue')) + self.assertTrue(fs) + def test_escape(self): # cgi.escape() is deprecated. with warnings.catch_warnings(): diff --git a/Misc/NEWS b/Misc/NEWS index fe33f02b4e2..b905afbed8d 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -220,6 +220,9 @@ Core and Builtins Library ------- +- Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries + and bytes data. Patch by Jonas Wagner. + - Issue #16957: shutil.which() no longer searches a bare file name in the current directory on Unix and no longer searches a relative file path with a directory part in PATH directories. Patch by Thomas Kluyver.