diff options
| author | Pierre Quentel <pierre.quentel@gmail.com> | 2019-09-11 13:05:53 +0200 |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2019-09-11 12:05:53 +0100 |
| commit | 2d7cacacc310b65b43e7e2de89e7722291dea6a4 (patch) | |
| tree | 97f6f93239ec1c04a28cb05b713f24cc951caafc | |
| parent | 972cf5c06a5ba16ad243a442dbb9c15307fbed95 (diff) | |
| download | cpython-git-2d7cacacc310b65b43e7e2de89e7722291dea6a4.tar.gz | |
bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… (#10638)
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header
* Add Misc/NEWS.d/next file.
* Add rst formatting for NEWS.d/next file
* Reaplce assert by self.assertEqual
| -rwxr-xr-x | Lib/cgi.py | 8 | ||||
| -rw-r--r-- | Lib/test/test_cgi.py | 17 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst | 2 |
3 files changed, 24 insertions, 3 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py index b96bd1f0fe..c22c71b387 100755 --- a/Lib/cgi.py +++ b/Lib/cgi.py @@ -461,7 +461,7 @@ class FieldStorage: if maxlen and clen > maxlen: raise ValueError('Maximum content length exceeded') self.length = clen - if self.limit is None and clen: + if self.limit is None and clen >= 0: self.limit = clen self.list = self.file = None @@ -642,8 +642,10 @@ class FieldStorage: if 'content-length' in headers: del headers['content-length'] + limit = None if self.limit is None \ + else self.limit - self.bytes_read part = klass(self.fp, headers, ib, environ, keep_blank_values, - strict_parsing,self.limit-self.bytes_read, + strict_parsing, limit, self.encoding, self.errors, max_num_fields) if max_num_fields is not None: @@ -734,7 +736,7 @@ class FieldStorage: last_line_lfend = True _read = 0 while 1: - if _read >= self.limit: + if self.limit is not None and _read >= self.limit: break line = self.fp.readline(1<<16) # bytes self.bytes_read += len(line) diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index 0922555982..ab8677199f 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -352,6 +352,23 @@ Larry self.assertEqual(fs.list[0].name, 'submit-name') self.assertEqual(fs.list[0].value, 'Larry') + def test_field_storage_multipart_no_content_length(self): + fp = BytesIO(b"""--MyBoundary +Content-Disposition: form-data; name="my-arg"; filename="foo" + +Test + +--MyBoundary-- +""") + env = { + "REQUEST_METHOD": "POST", + "CONTENT_TYPE": "multipart/form-data; boundary=MyBoundary", + "wsgi.input": fp, + } + fields = cgi.FieldStorage(fp, environ=env) + + self.assertEqual(len(fields["my-arg"].file.read()), 5) + def test_fieldstorage_as_context_manager(self): fp = BytesIO(b'x' * 10) env = {'REQUEST_METHOD': 'PUT'} diff --git a/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst new file mode 100644 index 0000000000..726329ad0d --- /dev/null +++ b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst @@ -0,0 +1,2 @@ +Fixes a bug in :mod:`cgi` module when a multipart/form-data request has no +`Content-Length` header. |