Commit Graph

145 Commits

Author SHA1 Message Date
Miss Islington (bot) 178bf58e79
bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
(cherry picked from commit b79b5c0949)

Co-authored-by: matthewbelisle-wf <matthew.belisle@workiva.com>
2018-10-23 03:54:52 -07:00
Miss Islington (bot) a66f279a13
bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
(cherry picked from commit 209144831b)

Co-authored-by: matthewbelisle-wf <matthew.belisle@workiva.com>
2018-10-19 04:11:16 -07:00
Miss Islington (bot) e8f968dcde bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) (GH-6837)
(cherry picked from commit 545c955be9)

Co-authored-by: Amber Brown <hawkowl@atleastfornow.net>
2018-05-14 18:20:06 -04:00
Pierre Quentel cc3fa204d3 bpo-29979: Rewrite cgi.parse_multipart to make it consistent with FieldStorage (#991) 2017-05-08 05:08:34 -07:00
Serhiy Storchaka 2e576f5aec bpo-30144: Import collections ABC from collections.abc rather than collections. (#1263) 2017-04-24 09:05:00 +03:00
Martin Panter 1cd2772246 Issue #27105: Add cgi.test() to __all__, based on Jacek Kołodziej’s patch 2016-06-06 01:53:28 +00:00
Martin Panter 46f50726a0 Issue #27076: Doc, comment and tests spelling fixes
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Victor Stinner 1e26dc7ef6 (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:23:16 -07:00
Victor Stinner 6579459d4b cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.
2015-08-18 10:21:10 -07:00
Benjamin Peterson 0deefd5a94 merge 3.4 (#23801) 2015-03-29 16:45:19 -04:00
Donald Stufft d90f8d10e0 Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage 2015-03-29 16:43:23 -04:00
Berker Peksag bf5e9604cc Issue #20289: cgi.FieldStorage() now supports the context management protocol. 2015-02-06 10:21:37 +02:00
Benjamin Peterson 4d59a78786 remove unused argument (closes #21135) 2014-04-03 10:22:10 -04:00
Senthil Kumaran d87346c0ce merge from 3.3
Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:22:21 -08:00
Senthil Kumaran b4cbb92fbe Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an
invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage
object.
2014-01-11 22:20:16 -08:00
Georg Brandl 12ec29f105 Closes #17335: remove no-op assignment. 2013-10-13 22:16:48 +02:00
Brett Cannon f79126f373 Issue #18394: Explicitly close the file object cgi.FieldStorage
caches.

Eliminates the ResoureWarning raised during testing.

Patch also independently written by Vajrasky Kok.
2013-08-23 15:15:48 -04:00
Florent Xicluna 74a146d3ac Merge #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:46:28 +02:00
Florent Xicluna 331c3fd874 Issue #18013: Fix cgi.FieldStorage to parse the W3C sample form. 2013-07-07 12:44:28 +02:00
Serhiy Storchaka 774bed7e60 Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:36:20 +03:00
Serhiy Storchaka c7bfe0e42e Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:34:41 +03:00
Senthil Kumaran 42d8773df4 merge from 3.3
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:01:23 -08:00
Senthil Kumaran c1a7c565aa merge from 3.2
Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 03:00:26 -08:00
Senthil Kumaran 6b102f251f Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and
bytes data. Patch by Jonas Wagner.
2013-01-23 02:50:15 -08:00
Andrew Svetlov f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Andrew Svetlov 8b33dd8e54 Use OESeeror instead of os.error (#16720)
Patch by Serhiy Storchaka.
2012-12-24 19:58:48 +02:00
Andrew Svetlov ad28c7f9da Issue #16706: get rid of os.error 2012-12-18 22:02:39 +02:00
Florent Xicluna 67317750af Issue #13248: turn 3.2's PendingDeprecationWarning into 3.3's DeprecationWarning (cgi, importlib, nntplib, smtpd). 2011-12-10 11:07:42 +01:00
Senthil Kumaran 294c231aa5 default - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:06:59 +08:00
Senthil Kumaran 1ef0c0349e 3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
semicolons. Patch by Ben Darnell and Petri Lehtinen.
2011-10-20 01:05:44 +08:00
Victor Stinner d33344a030 Add cgi.closelog() function to close the log file 2011-07-14 22:28:36 +02:00
Victor Stinner f1c7ca93c1 cgi: use isinstance(x, list) instead of type(x) == type([]) 2011-01-14 13:08:27 +00:00
Victor Stinner 5c23b8e6ea Issue #4953: cgi.FieldStorage and cgi.parse() parse the request as bytes, not
as unicode, and accept binary files. Add encoding and errors attributes to
cgi.FieldStorage.
2011-01-14 13:05:21 +00:00
Georg Brandl 1f7fffb308 #2830: add html.escape() helper and move cgi.escape() uses in the standard library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning. 2010-10-15 15:57:45 +00:00
Senthil Kumaran 30e86a4767 Fix Issue7007 - Use percent-encoded consistently instead of URL Encoded variations. Changes in Modules. 2010-08-09 20:01:35 +00:00
Benjamin Peterson 8c703a0ba6 Merged revisions 78844 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78844 | benjamin.peterson | 2010-03-11 16:03:45 -0600 (Thu, 11 Mar 2010) | 1 line

  revert r78842 cgi.py change
........
2010-03-11 22:05:58 +00:00
Benjamin Peterson 894197d9f1 Merged revisions 78841-78842 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78841 | benjamin.peterson | 2010-03-11 15:50:45 -0600 (Thu, 11 Mar 2010) | 1 line

  remove executable property from doc files
........
  r78842 | benjamin.peterson | 2010-03-11 15:53:25 -0600 (Thu, 11 Mar 2010) | 1 line

  use proper shebang lines
........
2010-03-11 21:55:56 +00:00
Philip Jenvey a394f2dca3 #4351: more appropriate DeprecationWarning stacklevels 2009-05-08 03:57:12 +00:00
Fred Drake 9a0a65b524 Merged revisions 67528 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r67528 | fred.drake | 2008-12-04 13:25:17 -0500 (Thu, 04 Dec 2008) | 4 lines

  Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to
  support unusual filenames (such as those containing semi-colons) in
  Content-Disposition headers.
........
2008-12-04 19:24:50 +00:00
Facundo Batista a27244bfa1 Added a warning filter to don't show the warning during
the tests. Also fixed the warning message in cgi.py
2008-09-09 02:43:19 +00:00
Facundo Batista c469d4c3aa Issue 600362: Relocated parse_qs() and parse_qsl(), from the cgi module
to the urlparse one.  Added a DeprecationWarning in the old module, it
will be deprecated in the future.  Docs and tests updated.
2008-09-03 22:49:01 +00:00
Benjamin Peterson dcf97b98ec Merged revisions 64434-64435,64440-64443,64445,64447-64448,64450,64452,64455,64461,64464,64466,64468 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r64434 | andrew.kuchling | 2008-06-20 18:13:58 -0500 (Fri, 20 Jun 2008) | 1 line

  Remove request for e-mail; it's unlikely these classes will be saved
........
  r64435 | andrew.kuchling | 2008-06-20 18:14:32 -0500 (Fri, 20 Jun 2008) | 1 line

  Grammar fixes
........
  r64440 | andrew.kuchling | 2008-06-21 08:29:12 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring typo
........
  r64441 | andrew.kuchling | 2008-06-21 08:47:20 -0500 (Sat, 21 Jun 2008) | 1 line

  Use repr() for bad input strings; this makes the empty string or binary characters more visible
........
  r64442 | andrew.kuchling | 2008-06-21 08:48:38 -0500 (Sat, 21 Jun 2008) | 1 line

  Docstring correction
........
  r64443 | georg.brandl | 2008-06-21 09:26:19 -0500 (Sat, 21 Jun 2008) | 2 lines

  Documentation fix.
........
  r64445 | facundo.batista | 2008-06-21 12:30:06 -0500 (Sat, 21 Jun 2008) | 3 lines


  Reviewed and updated the documentation. Fixes #3017.
........
  r64447 | facundo.batista | 2008-06-21 13:58:04 -0500 (Sat, 21 Jun 2008) | 6 lines


  Now a from submitted via POST that also has a query string
  will contain both FieldStorage and MiniFieldStorage items.

  Fixes #1817.
........
  r64448 | facundo.batista | 2008-06-21 14:48:19 -0500 (Sat, 21 Jun 2008) | 5 lines


  In the deprecated functions I added an alert to review
  specially a section of the subprocess documentation
  that helps with the replacing of those functionss.
........
  r64450 | georg.brandl | 2008-06-22 04:05:29 -0500 (Sun, 22 Jun 2008) | 2 lines

  Turn section references into proper cross-references.
........
  r64452 | facundo.batista | 2008-06-22 08:36:20 -0500 (Sun, 22 Jun 2008) | 5 lines


  Issue #2722. Now the char buffer to support the path string has
  not fixed length, it mallocs memory if needed. As a result, we
  don't have a maximum for the getcwd() method.
........
  r64455 | facundo.batista | 2008-06-22 10:27:10 -0500 (Sun, 22 Jun 2008) | 4 lines


  Issue 3164. Small fix to don't repeat a comparation
  without necessity.
........
  r64461 | georg.brandl | 2008-06-22 13:11:52 -0500 (Sun, 22 Jun 2008) | 2 lines

  #3085: Fix syntax error.
........
  r64464 | georg.brandl | 2008-06-22 13:31:54 -0500 (Sun, 22 Jun 2008) | 2 lines

  Expand docstrings of sqlite3 functions.
........
  r64466 | georg.brandl | 2008-06-22 14:07:59 -0500 (Sun, 22 Jun 2008) | 2 lines

  Write out "phi" consistently.
........
  r64468 | facundo.batista | 2008-06-22 14:35:24 -0500 (Sun, 22 Jun 2008) | 4 lines


  Just returning nothing instead of rising TestSkipped, because
  it makes the test fail in the trunk.loewis-sun buildbot.
........
2008-07-02 17:30:14 +00:00
Jeremy Hylton 1afc169616 Make a new urllib package .
It consists of code from urllib, urllib2, urlparse, and robotparser.
The old modules have all been removed.  The new package has five
submodules: urllib.parse, urllib.request, urllib.response,
urllib.error, and urllib.robotparser.  The urllib.request.urlopen()
function uses the url opener from urllib2.

Note that the unittests have not been renamed for the
beta, but they will be renamed in the future.

Joint work with Senthil Kumaran.
2008-06-18 20:49:58 +00:00
Benjamin Peterson ab82a97b73 remove a mimetools import 2008-06-12 17:36:10 +00:00
Barry Warsaw 820c120059 Patch for issue 2848, mostly by Humberto Diogenes, with a couple of
small fixes by Barry.  This removes mimetools from the stdlib.
2008-06-12 04:06:45 +00:00
Barry Warsaw 596097e0bc Patch by Humberto Diogenes for issue 2849, removing rfc822 module from
the standard library.  There are still a few cases of it in Demo and
Tools, but that's fine for now.  These should eventually get cleaned
up.  mimetools still has an import of rfc822, but mimetools itself
should go away.
2008-06-12 02:38:51 +00:00
Georg Brandl 49d1b4f919 Remove old backwards-compatibility classes from the cgi module. 2008-05-11 21:42:51 +00:00
Raymond Hettinger 2add352c43 Remove one use of UserDict.UserDict 2008-02-04 22:43:27 +00:00
Thomas Wouters 8ce81f767a Merged revisions 58211-58220 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r58211 | facundo.batista | 2007-09-19 19:53:25 +0200 (Wed, 19 Sep 2007) | 4 lines


  Issue #1772851.  Optimization of __hash__ to behave better for big big
  numbers.
........
  r58216 | raymond.hettinger | 2007-09-20 05:03:43 +0200 (Thu, 20 Sep 2007) | 1 line

  Fit nits
........
  r58217 | georg.brandl | 2007-09-20 10:44:59 +0200 (Thu, 20 Sep 2007) | 2 lines

  alternate -> alternative.
........
  r58218 | georg.brandl | 2007-09-20 18:06:07 +0200 (Thu, 20 Sep 2007) | 2 lines

  Patch #1541463: optimize performance of cgi.FieldStorage operations.
........
  r58219 | georg.brandl | 2007-09-20 18:45:27 +0200 (Thu, 20 Sep 2007) | 2 lines

  #1176: document that string methods don't take keyword args.
........
  r58220 | thomas.wouters | 2007-09-20 19:35:10 +0200 (Thu, 20 Sep 2007) | 4 lines


  Try harder to stay within the 79-column limit. There's still two places that go (way) over, but those are harder to fix without suffering in readability.
........
2007-09-20 18:22:40 +00:00
Collin Winter ce36ad8a46 Raise statement normalization in Lib/. 2007-08-30 01:19:48 +00:00