fix bug #110661 (PR#356) -- accept either & or ; as separator for CGI

jeremyhylton · jeremyhylton · commit afde7e24b6c7 · 2000-09-15T20:06:57.000Z
query string
also some doc string reformatting and use of string methods instead of
    older string.splitfields
diff --git a/Lib/cgi.py b/Lib/cgi.py
@@ -176,27 +176,26 @@ def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
 def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):
     """Parse a query given as a string argument.
 
-        Arguments:
+    Arguments:
 
-        qs: URL-encoded query string to be parsed
+    qs: URL-encoded query string to be parsed
 
-        keep_blank_values: flag indicating whether blank values in
-            URL encoded queries should be treated as blank strings.  
-            A true value indicates that blanks should be retained as 
-            blank strings.  The default false value indicates that
-            blank values are to be ignored and treated as if they were
-            not included.
+    keep_blank_values: flag indicating whether blank values in
+        URL encoded queries should be treated as blank strings.  A
+        true value indicates that blanks should be retained as blank
+        strings.  The default false value indicates that blank values
+        are to be ignored and treated as if they were  not included.
 
-        strict_parsing: flag indicating what to do with parsing errors.
-            If false (the default), errors are silently ignored.
-            If true, errors raise a ValueError exception.
+    strict_parsing: flag indicating what to do with parsing errors. If
+        false (the default), errors are silently ignored. If true,
+        errors raise a ValueError exception. 
 
-       Returns a list, as God intended.
+    Returns a list, as G-d intended.
     """
-    name_value_pairs = string.splitfields(qs, '&')
-    r=[]
-    for name_value in name_value_pairs:
-        nv = string.splitfields(name_value, '=', 1)
+    pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')]
+    r = []
+    for name_value in pairs:
+        nv = name_value.split('=', 1)
         if len(nv) != 2:
             if strict_parsing:
                 raise ValueError, "bad query field: %s" % `name_value`
diff --git a/Lib/test/output/test_cgi b/Lib/test/output/test_cgi
@@ -2,8 +2,11 @@ test_cgi
 ''
 '&'
 '&&'
+';'
+';&;'
 '='
 '=&='
+'=;='
 '=a'
 '&=a'
 '=a&'
@@ -17,6 +20,8 @@ test_cgi
 'a=a+b&b=b+c'
 'a=a+b&a=b+a'
 'x=1&y=2.0&z=2-3.%2b0'
+'x=1;y=2.0&z=2-3.%2b0'
+'x=1;y=2.0;z=2-3.%2b0'
 'Hbc5161168c542333633315dee1182227:key_store_seqid=400006&cuyer=r&view=bustomer&order_id=0bb2e248638833d48cb7fed300000f1b&expire=964546263&lobale=en-US&kid=130003.300038&ss=env'
 'group_id=5470&set=custom&_assigned_to=31392&_status=1&_category=100&SUBMIT=Browse'
 Testing log
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
@@ -58,9 +58,12 @@ def do_test(buf, method):
     ("", ValueError("bad query field: ''")),
     ("&", ValueError("bad query field: ''")),
     ("&&", ValueError("bad query field: ''")),
+    (";", ValueError("bad query field: ''")),
+    (";&;", ValueError("bad query field: ''")),
     # Should the next few really be valid?
     ("=", {}),
     ("=&=", {}),
+    ("=;=", {}),
     # This rest seem to make sense
     ("=a", {'': ['a']}),
     ("&=a", ValueError("bad query field: ''")),
@@ -75,6 +78,8 @@ def do_test(buf, method):
     ("a=a+b&b=b+c", {'a': ['a b'], 'b': ['b c']}),
     ("a=a+b&a=b+a", {'a': ['a b', 'b a']}),
     ("x=1&y=2.0&z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}),
+    ("x=1;y=2.0&z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}),
+    ("x=1;y=2.0;z=2-3.%2b0", {'x': ['1'], 'y': ['2.0'], 'z': ['2-3.+0']}),
     ("Hbc5161168c542333633315dee1182227:key_store_seqid=400006&cuyer=r&view=bustomer&order_id=0bb2e248638833d48cb7fed300000f1b&expire=964546263&lobale=en-US&kid=130003.300038&ss=env",
      {'Hbc5161168c542333633315dee1182227:key_store_seqid': ['400006'],
       'cuyer': ['r'],
