[Web-SIG] Prototype of wsgi.input.readline().

Chris McDonough chrism at plope.com
Thu Jan 31 04:38:22 CET 2008


Graham Dumpleton wrote:
> On 31/01/2008, Chris McDonough <chrism at plope.com> wrote:
>> Graham Dumpleton wrote:
>>>>> If the size argument is made mandatory, then it would parallel how
>>>>> read() function is defined, but this in itself would mean
>>>>> cgi.FieldStorage would break.
>>>>>
>>>>> This is because cgi.FieldStorage actually calls readline() with no
>>>>> argument as well as an argument in different places in the code.
>>>> cgi.FieldStorage doesn't call readline() without an argument.
>>>> cgi.parse_multipart does, but this function is not used by cgi.FieldStorage.  I
>>>> don't know if this changes anything.
>>> Not really, I should have said 'cgi' module as a whole rather than
>>> specifically cgi.FieldStorage. Given that people might be using
>>> cgi.parse_multipart in standard CGI, there would probably still be an
>>> expectation that it worked for WSGI. We can't really say that you can
>>> use cgi.FieldStorage but not cgi.parse_multipart. People will just
>>> expect all the normal tools people would use for this to work.
>> Personally, I think parse_multipart should go away.  It's not suitable for
>> anything but toy usage.
> 
> Not necessarily. Someone may see it as a trade off. The code itself says:
> 
> """This is easy to use but not
>     much good if you are expecting megabytes to be uploaded -- in that case,
>     use the FieldStorage class instead which is much more flexible."""
> 
> So the comment implies it is easier to use and so some may think it is
> simpler for what they are doing if they are only dealing with small
> requests.
> 
> Of course, it would probably be prudent if you know your requests are
> always going to be small to use LimitRequestBody in Apache, or a
> specific check on content length if handled in Python code, to block
> someone sending oversized requests intentionally to try and break
> things. Provided you did this, it may be quite reasonable to use it in
> specific circumstances.

Indeed.  But then again, I doubt the casual user would be able to make this 
judgment and take the necessary precautions.  This kind of user is likely the 
same class of user for whom CGI.FieldStorage is "too hard" (which it really isn't).

- C
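
The content-length check mentioned in the quoted reply, sketched as WSGI middleware. This is an added example, not code from the thread or from any WSGI server; `MAX_BODY`, `LimitedInput` and `limit_request_body` are hypothetical names, and the 64 KiB limit is an assumed value. It also bounds `readline()` called with no argument, the case this thread is about.

```python
MAX_BODY = 64 * 1024  # assumed limit for this example; set it per application


class LimitedInput:
    """Wrap wsgi.input so no call, including readline() with no size,
    can consume more than the declared Content-Length."""

    def __init__(self, stream, length):
        self.stream = stream
        self.remaining = length

    def _cap(self, size):
        # A missing or negative size means "as much as possible": cap it.
        if size is None or size < 0 or size > self.remaining:
            return self.remaining
        return size

    def read(self, size=-1):
        data = self.stream.read(self._cap(size))
        self.remaining -= len(data)
        return data

    def readline(self, size=-1):
        data = self.stream.readline(self._cap(size))
        self.remaining -= len(data)
        return data


def limit_request_body(app, max_body=MAX_BODY):
    """Reject oversized bodies before the application starts parsing them."""
    def middleware(environ, start_response):
        # No CONTENT_LENGTH is treated as an empty body, so a request that
        # declares no length cannot stream unbounded data to the parser.
        raw = environ.get("CONTENT_LENGTH") or "0"
        try:
            length = int(raw)
        except ValueError:
            length = -1
        if length < 0:
            start_response("400 Bad Request", [("Content-Length", "0")])
            return [b""]
        if length > max_body:
            start_response("413 Request Entity Too Large",
                           [("Content-Length", "0")])
            return [b""]
        environ["wsgi.input"] = LimitedInput(environ["wsgi.input"], length)
        return app(environ, start_response)
    return middleware
```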


