[ python-Bugs-1367631 ] maximum length not enforce in cgi.parse()

Sun Nov 27 18:47:58 CET 2005

Bugs item #1367631, was opened at 2005-11-27 17:47
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1367631&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Submitted By: Andrew Rogers (adr26)
Assigned to: Nobody/Anonymous (nobody)
Summary: maximum length not enforce in cgi.parse()

Initial Comment:
I have a simple form in HTML to upload a file:

<form action="http://foo/cgi-bin/test.py" 
enctype="multipart/form-data" method="post">
<p>
Please specify a file:<br>
<input type="file" name="file_1" size="40">
</p>
<p>
<input type="submit" value="Send">
</p>
</form>

I use this to post to a CGI python script that looks 
like this:

import cgi
import cgitb; cgitb.enable()

cgi.maxlen = 50

print "Content-type: text/plain"
print

q = cgi.parse()
print q

I was expecting that cgi.pm would then throw an 
exception if I send a file > 50 bytes long to it. If 
I construct a FieldStorage object, it certainly
does:

form = cgi.FieldStorage()
print form

The issue is that in parse_multipart() in cgi.pm, if 
a part of a multi-part message does not have the 
Content-Length header, you read lines until you
get to the next boundary "--...", but don't honour 
maxlen whilst doing so. I'd consider this to be a bug 
and would even be happy to have a go at fixing
it as my first contribution to Python, should others 
concur with me... :-)

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1367631&group_id=5470