[Patches] [ python-Patches-508665 ] Improvement of cgi.parse_qsl function
SourceForge.net
noreply@sourceforge.net
Fri, 16 May 2003 17:41:18 -0700
Patches item #508665, was opened at 2002-01-25 12:23
Message generated for change (Comment added) made by bcannon
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470
>Category: None
>Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Christoph Zwerschke (cito)
Assigned to: Nobody/Anonymous (nobody)
Summary: Improvement of cgi.parse_qsl function
Initial Comment:
I found the parsing function "parse_qsl" in the
module "cgi" to have some flaws. Especially, empty
names are allowed, even if empty values are explicitly
disallowed. If the latter are allowed, "?name=" is
accepted, while "?name" is ignored. Often you want to
use links like "?logout" or "?help". This is not
possible, even if empty values are explicitly allowed.
Also, "strict parsing" objects to "?name=", while it
ignores "?name=a=b=c". My improvement suggestion:
------------- use ----------
for name_value in pairs:
if strict_parsing:
nv = name_value.split('=', 2)
if len(nv) != 2 or not len(nv[0]):
raise ValueError, "bad query field: %s" %
`name_value`
else:
nv = name_value.split('=', 1).append('')
if not len(nv[0]):
continue
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
----------- instead of --------
for name_value in pairs:
nv = name_value.split('=', 1)
if len(nv) != 2:
if strict_parsing:
raise ValueError, "bad query field: %s" %
`name_value`
continue
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
----------------------------------------------------------------------
>Comment By: Brett Cannon (bcannon)
Date: 2003-05-16 17:41
Message:
Logged In: YES
user_id=357491
The issue of "name=" compared to "name=a=b=c" has changed; both are
allowed under strict parsing while "name" is not. The isue with "name" not
being made a key with a blank value is still there.
Christoph, any chance you can create a patch against the CVS version of cgi?
----------------------------------------------------------------------
Comment By: Christoph Zwerschke (cito)
Date: 2002-01-25 12:41
Message:
Logged In: YES
user_id=193957
-------- better use: ----------
<pre>
for name_value in pairs:
if strict_parsing:
nv = name_value.split('=', 2)
if len(nv) != 2 or not len(nv[0]):
raise ValueError, "bad query field: %s" %
`name_value`
else:
nv = name_value.split('=', 1)
if not len(nv[0]):
continue
if len(nv) != 2:
nv.append('')
if len(nv[1]) or keep_blank_values:
name = urllib.unquote(nv[0].replace('+', ' '))
value = urllib.unquote(nv[1].replace('+', ' '))
r.append((name, value))
</pre>
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=508665&group_id=5470