Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6579459

Browse files
vstinnervstinner
committed
cgi.FieldStorage.read_multi ignores Content-Length
Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length header in part headers. Patch written by Peter Landry and reviewed by Pierre Quentel.
1 parent 2053aa1 commit 6579459

4 files changed

Lines changed: 29 additions & 0 deletions

File tree

Lib/cgi.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -714,6 +714,11 @@ def read_multi(self, environ, keep_blank_values, strict_parsing):
714714
self.bytes_read += len(hdr_text)
715715
parser.feed(hdr_text.decode(self.encoding, self.errors))
716716
headers = parser.close()
717+
718+
# Some clients add Content-Length for part headers, ignore them
719+
if 'content-length' in headers:
720+
del headers['content-length']
721+
717722
part = klass(self.fp, headers, ib, environ, keep_blank_values,
718723
strict_parsing,self.limit-self.bytes_read,
719724
self.encoding, self.errors)

Lib/test/test_cgi.py

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -326,6 +326,25 @@ def test_fieldstorage_multipart_w3c(self):
326326
got = getattr(files[x], k)
327327
self.assertEqual(got, exp)
328328

329+
def test_fieldstorage_part_content_length(self):
330+
BOUNDARY = "JfISa01"
331+
POSTDATA = """--JfISa01
332+
Content-Disposition: form-data; name="submit-name"
333+
Content-Length: 5
334+
335+
Larry
336+
--JfISa01"""
337+
env = {
338+
'REQUEST_METHOD': 'POST',
339+
'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
340+
'CONTENT_LENGTH': str(len(POSTDATA))}
341+
fp = BytesIO(POSTDATA.encode('latin-1'))
342+
fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
343+
self.assertEqual(len(fs.list), 1)
344+
self.assertEqual(fs.list[0].name, 'submit-name')
345+
self.assertEqual(fs.list[0].value, 'Larry')
346+
347+
329348
_qs_result = {
330349
'key1': 'value1',
331350
'key2': ['value2x', 'value2y'],

Misc/ACKS

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -773,6 +773,7 @@ Thomas Lamb
773773
Valerie Lambert
774774
Jean-Baptiste "Jiba" Lamy
775775
Ronan Lamy
776+
Peter Landry
776777
Torsten Landschoff
777778
Łukasz Langa
778779
Tino Lange

Misc/NEWS

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,10 @@ Core and Builtins
7575
Library
7676
-------
7777

78+
- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
79+
header in part headers. Patch written by Peter Landry and reviewed by Pierre
80+
Quentel.
81+
7882
- Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu.
7983

8084
- Issue #21159: Improve message in configparser.InterpolationMissingOptionError.

0 commit comments

Comments
 (0)