cgi.FieldStorage.read_multi ignores Content-Length

Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
This commit is contained in:
Victor Stinner 2015-08-18 10:21:10 -07:00
parent 2053aa1193
commit 6579459d4b
4 changed files with 29 additions and 0 deletions

View File

@ -714,6 +714,11 @@ class FieldStorage:
self.bytes_read += len(hdr_text) self.bytes_read += len(hdr_text)
parser.feed(hdr_text.decode(self.encoding, self.errors)) parser.feed(hdr_text.decode(self.encoding, self.errors))
headers = parser.close() headers = parser.close()
# Some clients add Content-Length for part headers, ignore them
if 'content-length' in headers:
del headers['content-length']
part = klass(self.fp, headers, ib, environ, keep_blank_values, part = klass(self.fp, headers, ib, environ, keep_blank_values,
strict_parsing,self.limit-self.bytes_read, strict_parsing,self.limit-self.bytes_read,
self.encoding, self.errors) self.encoding, self.errors)

View File

@ -326,6 +326,25 @@ Content-Type: text/plain
got = getattr(files[x], k) got = getattr(files[x], k)
self.assertEqual(got, exp) self.assertEqual(got, exp)
def test_fieldstorage_part_content_length(self):
BOUNDARY = "JfISa01"
POSTDATA = """--JfISa01
Content-Disposition: form-data; name="submit-name"
Content-Length: 5
Larry
--JfISa01"""
env = {
'REQUEST_METHOD': 'POST',
'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
'CONTENT_LENGTH': str(len(POSTDATA))}
fp = BytesIO(POSTDATA.encode('latin-1'))
fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
self.assertEqual(len(fs.list), 1)
self.assertEqual(fs.list[0].name, 'submit-name')
self.assertEqual(fs.list[0].value, 'Larry')
_qs_result = { _qs_result = {
'key1': 'value1', 'key1': 'value1',
'key2': ['value2x', 'value2y'], 'key2': ['value2x', 'value2y'],

View File

@ -773,6 +773,7 @@ Thomas Lamb
Valerie Lambert Valerie Lambert
Jean-Baptiste "Jiba" Lamy Jean-Baptiste "Jiba" Lamy
Ronan Lamy Ronan Lamy
Peter Landry
Torsten Landschoff Torsten Landschoff
Łukasz Langa Łukasz Langa
Tino Lange Tino Lange

View File

@ -75,6 +75,10 @@ Core and Builtins
Library Library
------- -------
- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
- Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu. - Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu.
- Issue #21159: Improve message in configparser.InterpolationMissingOptionError. - Issue #21159: Improve message in configparser.InterpolationMissingOptionError.