[Python-checkins] [3.7] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530) (GH-20892)

Miss Islington (bot) webhook-mailer at python.org
Mon Jun 15 11:33:41 EDT 2020 

https://github.com/python/cpython/commit/aa83935a56d1fd4d72d4de5f0278a240a2d6844d
commit: aa83935a56d1fd4d72d4de5f0278a240a2d6844d
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-06-15T08:33:32-07:00
summary:

[3.7] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530) (GH-20892)



In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
(cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95)


Co-authored-by: roger <rogerduran at gmail.com>

Automerge-Triggered-By: @ned-deily

files:
A Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
M Lib/cgi.py
M Lib/test/test_cgi.py

diff --git a/Lib/cgi.py b/Lib/cgi.py
index df84f1fe69cfb..5a001667efca8 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -217,7 +217,10 @@ def parse_multipart(fp, pdict, encoding="utf-8", errors="replace"):
     ctype = "multipart/form-data; boundary={}".format(boundary)
     headers = Message()
     headers.set_type(ctype)
-    headers['Content-Length'] = pdict['CONTENT-LENGTH']
+    try:
+        headers['Content-Length'] = pdict['CONTENT-LENGTH']
+    except KeyError:
+        pass
     fs = FieldStorage(fp, headers=headers, encoding=encoding, errors=errors,
         environ={'REQUEST_METHOD': 'POST'})
     return {k: fs.getlist(k) for k in fs}
@@ -753,7 +756,8 @@ def read_lines_to_outerboundary(self):
         last_line_lfend = True
         _read = 0
         while 1:
-            if self.limit is not None and _read >= self.limit:
+
+            if self.limit is not None and 0 <= self.limit <= _read:
                 break
             line = self.fp.readline(1<<16) # bytes
             self.bytes_read += len(line)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index b46be67f77329..220268e14f032 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -130,6 +130,20 @@ def test_parse_multipart(self):
                     'file': [b'Testing 123.\n'], 'title': ['']}
         self.assertEqual(result, expected)
 
+    def test_parse_multipart_without_content_length(self):
+        POSTDATA = '''--JfISa01
+Content-Disposition: form-data; name="submit-name"
+
+just a string
+
+--JfISa01--
+'''
+        fp = BytesIO(POSTDATA.encode('latin1'))
+        env = {'boundary': 'JfISa01'.encode('latin1')}
+        result = cgi.parse_multipart(fp, env)
+        expected = {'submit-name': ['just a string\n']}
+        self.assertEqual(result, expected)
+
     def test_parse_multipart_invalid_encoding(self):
         BOUNDARY = "JfISa01"
         POSTDATA = """--JfISa01
diff --git a/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst b/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
new file mode 100644
index 0000000000000..2656b4bf22ae4
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-07-29-12-14-54.bpo-34226.BE7zbu.rst
@@ -0,0 +1 @@
+Fix `cgi.parse_multipart` without content_length. Patch by Roger Duran

More information about the Python-checkins mailing list