[Patches] [ python-Patches-508665 ] Improvement of cgi.parse_qsl function

SourceForge.net noreply@sourceforge.net
Fri, 16 May 2003 17:41:18 -0700 

Patches item #508665, was opened at 2002-01-25 12:23
Message generated for change (Comment added) made by bcannon
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470

>Category: None
>Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Christoph Zwerschke (cito)
Assigned to: Nobody/Anonymous (nobody)
Summary: Improvement of cgi.parse_qsl function

Initial Comment:
I found the parsing function "parse_qsl" in the 
module "cgi" to have some flaws. Especially, empty 
names are allowed, even if empty values are explicitly 
disallowed. If the latter are allowed, "?name=" is 
accepted, while "?name" is ignored. Often you want to 
use links like "?logout" or "?help". This is not 
possible, even if empty values are explicitly allowed. 
Also, "strict parsing" objects to "?name=", while it 
ignores "?name=a=b=c". My improvement suggestion:

------------- use ----------

for name_value in pairs:
    if strict_parsing:
        nv = name_value.split('=', 2)
        if len(nv) != 2 or not len(nv[0]):
            raise ValueError, "bad query field: %s" % 
`name_value`
    else:
        nv = name_value.split('=', 1).append('')
        if not len(nv[0]):
            continue
    if len(nv[1]) or keep_blank_values:
        name = urllib.unquote(nv[0].replace('+', ' '))
        value = urllib.unquote(nv[1].replace('+', ' '))
        r.append((name, value))

----------- instead of --------

for name_value in pairs:
    nv = name_value.split('=', 1)
    if len(nv) != 2:
        if strict_parsing:
            raise ValueError, "bad query field: %s" % 
`name_value`
        continue
    if len(nv[1]) or keep_blank_values:
        name = urllib.unquote(nv[0].replace('+', ' '))
        value = urllib.unquote(nv[1].replace('+', ' '))
        r.append((name, value))


----------------------------------------------------------------------

>Comment By: Brett Cannon (bcannon)
Date: 2003-05-16 17:41

Message:
Logged In: YES 
user_id=357491

The issue of "name=" compared to "name=a=b=c" has changed; both are 
allowed under strict parsing while "name" is not.  The isue with "name" not 
being made a key with a blank value is still there.

Christoph, any chance you can create a patch against the CVS version of cgi?

----------------------------------------------------------------------

Comment By: Christoph Zwerschke (cito)
Date: 2002-01-25 12:41

Message:
Logged In: YES 
user_id=193957

-------- better use: ---------- 

<pre>

for name_value in pairs:
    if strict_parsing:
        nv = name_value.split('=', 2)
        if len(nv) != 2 or not len(nv[0]):
            raise ValueError, "bad query field: %s" % 
`name_value`
    else:
        nv = name_value.split('=', 1)
        if not len(nv[0]):
            continue
        if len(nv) != 2:
            nv.append('')
    if len(nv[1]) or keep_blank_values:
        name = urllib.unquote(nv[0].replace('+', ' '))
        value = urllib.unquote(nv[1].replace('+', ' '))
        r.append((name, value))

</pre>

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470