[Patches] [ python-Patches-508665 ] Improvement of cgi.parse_qsl
function
SourceForge.net
noreply at sourceforge.net
Sun Mar 21 17:28:41 EST 2004
Patches item #508665, was opened at 2002-01-25 12:23
Message generated for change (Comment added) made by bcannon
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470
Category: None
Group: None
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Christoph Zwerschke (cito)
Assigned to: Brett Cannon (bcannon)
Summary: Improvement of cgi.parse_qsl function
Initial Comment:
I found the parsing function "parse_qsl" in the
module "cgi" to have some flaws. Especially, empty
names are allowed, even if empty values are explicitly
disallowed. If the latter are allowed, "?name=" is
accepted, while "?name" is ignored. Often you want to
use links like "?logout" or "?help". This is not
possible, even if empty values are explicitly allowed.
Also, "strict parsing" objects to "?name=", while it
ignores "?name=a=b=c". My improvement suggestion:
------------- use ----------
for name_value in pairs:
if strict_parsing:
nv = name_value.split('=', 2)
if len(nv) != 2 or not len(nv[0]):
raise ValueError, "bad query field: %s" %
`name_value`
else:
nv = name_value.split('=', 1).append('')
if not len(nv[0]):
continue
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
----------- instead of --------
for name_value in pairs:
nv = name_value.split('=', 1)
if len(nv) != 2:
if strict_parsing:
raise ValueError, "bad query field: %s" %
`name_value`
continue
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
----------------------------------------------------------------------
>Comment By: Brett Cannon (bcannon)
Date: 2004-03-21 14:28
Message:
Logged In: YES
user_id=357491
The case for having a control-name with no equal sign has been fixed to
be acceptable when allow_blank_values is true.
The case for having "name=a=b=c" was not changed, though. I could
not find anywhere to say that is actually illegal. Also, the tests from
test_cgi specifically test for this and allow it.
Fixed in Lib/cgi.py, rev. 1.78 .
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2004-03-20 14:29
Message:
Logged In: YES
user_id=31435
Brett, since you seemed to know something about this, how
about closing it? You just got the honor of having our oldest
open patch assigned to you <wink>.
----------------------------------------------------------------------
Comment By: Christoph Zwerschke (cito)
Date: 2003-05-19 07:05
Message:
Logged In: YES
user_id=193957
The problem with empty names is still the same.
Is this what you need?
cvs diff cgi.py (in directory C:\Temp\python\python\dist\src\Lib\)
Index: cgi.py
================================================
===================
RCS file: /cvsroot/python/python/dist/src/Lib/cgi.py,v
retrieving revision 1.76
diff -r1.76 cgi.py
212,214c212,214
< nv = name_value.split('=', 1)
< if len(nv) != 2:
< if strict_parsing:
---
> if strict_parsing:
> nv = name_value.split('=', 2)
> if len(nv) != 2 or not len(nv[0]):
216c216,221
< continue
---
> else:
> nv = name_value.split('=', 1)
> if not len(nv[0]):
> continue
> if len(nv) != 2:
> nv.append('')
----------------------------------------------------------------------
Comment By: Brett Cannon (bcannon)
Date: 2003-05-16 17:41
Message:
Logged In: YES
user_id=357491
The issue of "name=" compared to "name=a=b=c" has changed; both are
allowed under strict parsing while "name" is not. The isue with "name" not
being made a key with a blank value is still there.
Christoph, any chance you can create a patch against the CVS version of cgi?
----------------------------------------------------------------------
Comment By: Christoph Zwerschke (cito)
Date: 2002-01-25 12:41
Message:
Logged In: YES
user_id=193957
-------- better use: ----------
<pre>
for name_value in pairs:
if strict_parsing:
nv = name_value.split('=', 2)
if len(nv) != 2 or not len(nv[0]):
raise ValueError, "bad query field: %s" %
`name_value`
else:
nv = name_value.split('=', 1)
if not len(nv[0]):
continue
if len(nv) != 2:
nv.append('')
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
</pre>
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470
More information about the Patches
mailing list