cgi.FieldStorage.read_multi ignores Content-Length

Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
header in part headers. Patch written by Peter Landry and reviewed by Pierre
Quentel.

diff --git a/Lib/cgi.py b/Lib/cgi.py
index 6959c9e5dbd5645882f5e8b24fb6850b1e688279..45badf6cc64b684eab93ae000691106f450b1506 100755 (executable)
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -714,6 +714,11 @@ class FieldStorage:
             self.bytes_read += len(hdr_text)
             parser.feed(hdr_text.decode(self.encoding, self.errors))
             headers = parser.close()
+
+            # Some clients add Content-Length for part headers, ignore them
+            if 'content-length' in headers:
+                del headers['content-length']
+
             part = klass(self.fp, headers, ib, environ, keep_blank_values,
                          strict_parsing,self.limit-self.bytes_read,
                          self.encoding, self.errors)

diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index d2c326bfb20937df7a96b81562fc6a9cdd2d8662..6b28106bd3617203eb5e94f913b758cc69fae60e 100644 (file)
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -326,6 +326,25 @@ Content-Type: text/plain
                 got = getattr(files[x], k)
                 self.assertEqual(got, exp)
 
+    def test_fieldstorage_part_content_length(self):
+        BOUNDARY = "JfISa01"
+        POSTDATA = """--JfISa01
+Content-Disposition: form-data; name="submit-name"
+Content-Length: 5
+
+Larry
+--JfISa01"""
+        env = {
+            'REQUEST_METHOD': 'POST',
+            'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY),
+            'CONTENT_LENGTH': str(len(POSTDATA))}
+        fp = BytesIO(POSTDATA.encode('latin-1'))
+        fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1")
+        self.assertEqual(len(fs.list), 1)
+        self.assertEqual(fs.list[0].name, 'submit-name')
+        self.assertEqual(fs.list[0].value, 'Larry')
+
+
     _qs_result = {
         'key1': 'value1',
         'key2': ['value2x', 'value2y'],

diff --git a/Misc/ACKS b/Misc/ACKS
index 4a6f6b76c6f6290256afb5188833e6ba7d085e8e..395b9e502be9ad470053710754eba8f3a8c38926 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -773,6 +773,7 @@ Thomas Lamb
 Valerie Lambert
 Jean-Baptiste "Jiba" Lamy
 Ronan Lamy
+Peter Landry
 Torsten Landschoff
 Łukasz Langa
 Tino Lange

diff --git a/Misc/NEWS b/Misc/NEWS
index 38e8031aa7f83045591d89dba5e8203106570c24..70c3e1dc0577ac3d86e0c59c2c8396b60b26d102 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -75,6 +75,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length
+  header in part headers. Patch written by Peter Landry and reviewed by Pierre
+  Quentel.
+
 - Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu.
 
 - Issue #21159: Improve message in configparser.InterpolationMissingOptionError.