Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage
This commit is contained in:
Donald Stufft
parent
1058cda38f
commit
d90f8d10e0
|
|
@ -693,8 +693,13 @@ class FieldStorage:
|
||||||
raise ValueError("%s should return bytes, got %s" \
|
raise ValueError("%s should return bytes, got %s" \
|
||||||
% (self.fp, type(first_line).__name__))
|
% (self.fp, type(first_line).__name__))
|
||||||
self.bytes_read += len(first_line)
|
self.bytes_read += len(first_line)
|
||||||
# first line holds boundary ; ignore it, or check that
|
|
||||||
# b"--" + ib == first_line.strip() ?
|
# Ensure that we consume the file until we've hit our inner boundary
|
||||||
|
while (first_line.strip() != (b"--" + self.innerboundary) and
|
||||||
|
first_line):
|
||||||
|
first_line = self.fp.readline()
|
||||||
|
self.bytes_read += len(first_line)
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
parser = FeedParser()
|
parser = FeedParser()
|
||||||
hdr_text = b""
|
hdr_text = b""
|
||||||
|
|
|
||||||
|
|
@ -248,6 +248,25 @@ class CgiTests(unittest.TestCase):
|
||||||
got = getattr(fs.list[x], k)
|
got = getattr(fs.list[x], k)
|
||||||
self.assertEqual(got, exp)
|
self.assertEqual(got, exp)
|
||||||
|
|
||||||
|
def test_fieldstorage_multipart_leading_whitespace(self):
|
||||||
|
env = {
|
||||||
|
'REQUEST_METHOD': 'POST',
|
||||||
|
'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
|
||||||
|
'CONTENT_LENGTH': '560'}
|
||||||
|
# Add some leading whitespace to our post data that will cause the
|
||||||
|
# first line to not be the innerboundary.
|
||||||
|
fp = BytesIO(b"\r\n" + POSTDATA.encode('latin-1'))
|
||||||
|
fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
|
||||||
|
self.assertEqual(len(fs.list), 4)
|
||||||
|
expect = [{'name':'id', 'filename':None, 'value':'1234'},
|
||||||
|
{'name':'title', 'filename':None, 'value':''},
|
||||||
|
{'name':'file', 'filename':'test.txt', 'value':b'Testing 123.\n'},
|
||||||
|
{'name':'submit', 'filename':None, 'value':' Add '}]
|
||||||
|
for x in range(len(fs.list)):
|
||||||
|
for k, exp in expect[x].items():
|
||||||
|
got = getattr(fs.list[x], k)
|
||||||
|
self.assertEqual(got, exp)
|
||||||
|
|
||||||
def test_fieldstorage_multipart_non_ascii(self):
|
def test_fieldstorage_multipart_non_ascii(self):
|
||||||
#Test basic FieldStorage multipart parsing
|
#Test basic FieldStorage multipart parsing
|
||||||
env = {'REQUEST_METHOD':'POST',
|
env = {'REQUEST_METHOD':'POST',
|
||||||
|
|
|
||||||
|
|
@ -124,6 +124,9 @@ Library
|
||||||
|
|
||||||
- Issue #23361: Fix possible overflow in Windows subprocess creation code.
|
- Issue #23361: Fix possible overflow in Windows subprocess creation code.
|
||||||
|
|
||||||
|
- Issue #23801: Fix issue where cgi.FieldStorage did not always ignore the
|
||||||
|
entire preamble to a multipart body.
|
||||||
|
|
||||||
Tests
|
Tests
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue