From jim@digicool.com Tue Jun 1 21:10:35 1999 From: jim@digicool.com (Jim Fulton) Date: Tue, 01 Jun 1999 16:10:35 -0400 Subject: [Python-bugs-list] The Python 1.5.2 cgi module doesn't handle PUT requests properly Message-ID: <37543E3B.FA6738DD@digicool.com> This is a multi-part message in MIME format. --------------7C92C4AFE09F003C6019498C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit The cgi module in Python 1.5.2 sets the content-type to application/x-www-form-urlencoded when no content-type header is provided. This is an error. It is legal for HTTP requests to ommit this header and most (or at least the most widely used ;) clients don't include a content type in PUT requests, which are used by many publishing tools. I've attached a context diff that fixes this problem. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. --------------7C92C4AFE09F003C6019498C Content-Type: text/plain; charset=us-ascii; name="t" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="t" diff -c /projects/python/src/Python-1.5.2/Lib/cgi.py cgi.py *** /projects/python/src/Python-1.5.2/Lib/cgi.py Fri Jan 8 12:42:03 1999 --- cgi.py Tue Jun 1 16:04:25 1999 *************** *** 841,850 **** # but it happens to be something we don't understand. if self.headers.has_key('content-type'): ctype, pdict = parse_header(self.headers['content-type']) - elif self.outerboundary: - ctype, pdict = "text/plain", {} else: ! ctype, pdict = 'application/x-www-form-urlencoded', {} self.type = ctype self.type_options = pdict self.innerboundary = "" --- 841,848 ---- # but it happens to be something we don't understand. if self.headers.has_key('content-type'): ctype, pdict = parse_header(self.headers['content-type']) else: ! ctype, pdict = "text/plain", {} self.type = ctype self.type_options = pdict self.innerboundary = "" *************** *** 867,873 **** self.read_urlencoded() elif ctype[:10] == 'multipart/': self.read_multi(environ, keep_blank_values, strict_parsing) ! elif self.outerboundary: # we're in an inner part, but the content-type wasn't something we # understood. default to read_single() because the resulting # FieldStorage won't be a mapping (and doesn't need to be). --- 865,872 ---- self.read_urlencoded() elif ctype[:10] == 'multipart/': self.read_multi(environ, keep_blank_values, strict_parsing) ! elif (self.outerboundary or ! ctype!= 'application/x-www-form-urlencoded'): # we're in an inner part, but the content-type wasn't something we # understood. default to read_single() because the resulting # FieldStorage won't be a mapping (and doesn't need to be). --------------7C92C4AFE09F003C6019498C-- From guido@CNRI.Reston.VA.US Tue Jun 1 22:14:08 1999 From: guido@CNRI.Reston.VA.US (Guido van Rossum) Date: Tue, 01 Jun 1999 17:14:08 -0400 Subject: [Python-bugs-list] The Python 1.5.2 cgi module doesn't handle PUT requests properly In-Reply-To: Your message of "Tue, 01 Jun 1999 16:10:35 EDT." <37543E3B.FA6738DD@digicool.com> References: <37543E3B.FA6738DD@digicool.com> Message-ID: <199906012114.RAA03053@eric.cnri.reston.va.us> > The cgi module in Python 1.5.2 sets the content-type to > application/x-www-form-urlencoded when no content-type header is > provided. This is an error. It is legal for HTTP requests to > ommit this header and most (or at least the most widely used ;) > clients don't include a content type in PUT requests, which are > used by many publishing tools. > > I've attached a context diff that fixes this problem. Jim, I don't know how you found the python-bugs mailing address -- it's best not to use it until we announce it. Our Jitterbug experiments are still in a very early phase (if you have a better solution for bug tracking e.g. whatever you use for Zope, I'd appreciate trying it out...). In response to your problem report, the situation is more complicated than you think. Classically, cgi.py is used only to handle GET and POST requests (not PUT) and for POST, unfortunately there are clients out there that send a POST command with urlencoded data without a content-type header. The code in 1.5.1 always defaulted to text/plain (as your proposed fix does), but this caused problems when a POST request forgot the content-type header. (Unfortunately I've forgotten who reported this -- perhaps it was Mike Meyer. This is why we need a bug tracking system!) Anyway it has been in 1.5.2b2 and c1 (Yes, I know you were too busy to try those out.) Would it help if I changed the code so that urlencoded is only used as the default when there is no outer boundary *and* the method is POST? Like this: Index: cgi.py =================================================================== RCS file: /projects/cvsroot/python/dist/src/Lib/cgi.py,v retrieving revision 1.42 diff -c -r1.42 cgi.py *** cgi.py 1999/01/08 17:42:03 1.42 --- cgi.py 1999/06/01 21:13:15 *************** *** 841,847 **** # but it happens to be something we don't understand. if self.headers.has_key('content-type'): ctype, pdict = parse_header(self.headers['content-type']) ! elif self.outerboundary: ctype, pdict = "text/plain", {} else: ctype, pdict = 'application/x-www-form-urlencoded', {} --- 841,847 ---- # but it happens to be something we don't understand. if self.headers.has_key('content-type'): ctype, pdict = parse_header(self.headers['content-type']) ! elif self.outerboundary or method != 'POST': ctype, pdict = "text/plain", {} else: ctype, pdict = 'application/x-www-form-urlencoded', {} --Guido van Rossum (home page: http://www.python.org/~guido/)