From: Victor Stinner Date: Tue, 18 Aug 2015 17:23:16 +0000 (-0700) Subject: (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length X-Git-Tag: v3.6.0a1~1761^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e26dc7ef60c19f57e779bb1f7906e446d71d343;p=python (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-Length Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length header in part headers. Patch written by Peter Landry and reviewed by Pierre Quentel. --- 1e26dc7ef60c19f57e779bb1f7906e446d71d343 diff --cc Lib/test/test_cgi.py index a7a9d02fa6,6b28106bd3..ab9f6ab6a5 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@@ -326,16 -326,24 +326,34 @@@ Content-Type: text/plai got = getattr(files[x], k) self.assertEqual(got, exp) + def test_fieldstorage_part_content_length(self): + BOUNDARY = "JfISa01" + POSTDATA = """--JfISa01 + Content-Disposition: form-data; name="submit-name" + Content-Length: 5 + + Larry + --JfISa01""" + env = { + 'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': 'multipart/form-data; boundary={}'.format(BOUNDARY), + 'CONTENT_LENGTH': str(len(POSTDATA))} + fp = BytesIO(POSTDATA.encode('latin-1')) + fs = cgi.FieldStorage(fp, environ=env, encoding="latin-1") + self.assertEqual(len(fs.list), 1) + self.assertEqual(fs.list[0].name, 'submit-name') + self.assertEqual(fs.list[0].value, 'Larry') + + def test_fieldstorage_as_context_manager(self): + fp = BytesIO(b'x' * 10) + env = {'REQUEST_METHOD': 'PUT'} + with cgi.FieldStorage(fp=fp, environ=env) as fs: + content = fs.file.read() + self.assertFalse(fs.file.closed) + self.assertTrue(fs.file.closed) + self.assertEqual(content, 'x' * 10) + with self.assertRaisesRegex(ValueError, 'I/O operation on closed file'): + fs.file.read() _qs_result = { 'key1': 'value1', diff --cc Misc/NEWS index f9b9a367fe,70c3e1dc05..10948818a6 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -13,39 -13,64 +13,43 @@@ Core and Builtin - Issue #21167: NAN operations are now handled correctly when python is compiled with ICC even if -fp-model strict is not specified. -- Issue #4395: Better testing and documentation of binary operators. - Patch by Martin Panter. - -- Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray - object now always allocates place for trailing null byte and it's buffer now - is always null-terminated. - -- Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(), - PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains() - to check for and handle errors correctly. - -- Issue #24257: Fixed system error in the comparison of faked - types.SimpleNamespace. - -- Issue #22939: Fixed integer overflow in iterator object. Patch by - Clement Rouault. - -- Issue #23985: Fix a possible buffer overrun when deleting a slice from - the front of a bytearray and then appending some other bytes data. - -- Issue #24102: Fixed exception type checking in standard error handlers. +Library +------- -- Issue #23757: PySequence_Tuple() incorrectly called the concrete list API - when the data was a list subclass. ++- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length ++ header in part headers. Patch written by Peter Landry and reviewed by Pierre ++ Quentel. + -- Issue #24407: Fix crash when dict is mutated while being updated. +- Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu. -- Issue #24096: Make warnings.warn_explicit more robust against mutation of the - warnings.filters list. +- Issue #21159: Improve message in configparser.InterpolationMissingOptionError. + Patch from Łukasz Langa. -- Issue #23996: Avoid a crash when a delegated generator raises an - unnormalized StopIteration exception. Patch by Stefan Behnel. +- Issue #24847: Fixes tcltk installer layout of VC runtime DLL -- Issue #24022: Fix tokenizer crash when processing undecodable source code. +- Issue #24839: platform._syscmd_ver raises DeprecationWarning -- Issue #23309: Avoid a deadlock at shutdown if a daemon thread is aborted - while it is holding a lock to a buffered I/O object, and the main thread - tries to use the same I/O object (typically stdout or stderr). A fatal - error is emitted instead. +- Issue #24867: Fix Task.get_stack() for 'async def' coroutines -- Issue #22977: Fixed formatting Windows error messages on Wine. - Patch by Martin Panter. +Documentation +------------- -- Issue #23803: Fixed str.partition() and str.rpartition() when a separator - is wider then partitioned string. +- Issue #23725: Overhaul tempfile docs. Note deprecated status of mktemp. + Patch from Zbigniew Jędrzejewski-Szmek. -- Issue #23192: Fixed generator lambdas. Patch by Bruno Cauet. +What's New in Python 3.5.0 release candidate 1? +=============================================== -- Issue #23629: Fix the default __sizeof__ implementation for variable-sized - objects. +Release date: 2015-08-09 -- Issue #24044: Fix possible null pointer dereference in list.sort in out of - memory conditions. +Core and Builtins +----------------- -- Issue #21354: PyCFunction_New function is exposed by python DLL again. +- Issue #24492: A "package" lacking a __name__ attribute when trying to perform + a ``from .. import ...`` statement will trigger an ImportError instead of an + AttributeError. -- Issue #23812: Fix asyncio.Queue.get() to avoid loosing items on cancellation. - Patch by Gustavo J. A. M. Carneiro. +- Issue #24667: Resize odict in all cases that the underlying dict resizes. Library -------