Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

maximum length not enforced in cgi.parse() #42628

Closed
adr26 mannequin opened this issue Nov 27, 2005 · 5 comments
Closed

maximum length not enforced in cgi.parse() #42628

adr26 mannequin opened this issue Nov 27, 2005 · 5 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@adr26
Copy link
Mannequin

adr26 mannequin commented Nov 27, 2005

BPO 1367631

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = None
created_at = <Date 2005-11-27.17:47:58.000>
labels = ['type-bug', 'library']
title = 'maximum length not enforced in cgi.parse()'
updated_at = <Date 2014-02-03.19:54:39.486>
user = 'https://bugs.python.org/adr26'

bugs.python.org fields:

activity = <Date 2014-02-03.19:54:39.486>
actor = 'BreamoreBoy'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['Library (Lib)']
creation = <Date 2005-11-27.17:47:58.000>
creator = 'adr26'
dependencies = []
files = []
hgrepos = []
issue_num = 1367631
keywords = []
message_count = 3.0
messages = ['26928', '109880', '115231']
nosy_count = 1.0
nosy_names = ['adr26']
pr_nums = []
priority = 'normal'
resolution = 'wont fix'
stage = 'test needed'
status = 'languishing'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue1367631'
versions = ['Python 3.1', 'Python 2.7', 'Python 3.2']
@adr26
Copy link
Mannequin Author

adr26 mannequin commented Nov 27, 2005

I have a simple form in HTML to upload a file:

<form action="http://foo/cgi-bin/test.py"
enctype="multipart/form-data" method="post">
<p>
Please specify a file:<br>
<input type="file" name="file_1" size="40">
</p>
<p>
<input type="submit" value="Send">
</p>
</form>

I use this to post to a CGI python script that looks
like this:

import cgi
import cgitb; cgitb.enable()

cgi.maxlen = 50

print "Content-type: text/plain"
print

q = cgi.parse()
print q

I was expecting that cgi.pm would then throw an
exception if I send a file > 50 bytes long to it. If
I construct a FieldStorage object, it certainly
does:

form = cgi.FieldStorage()
print form

The issue is that in parse_multipart() in cgi.pm, if
a part of a multi-part message does not have the
Content-Length header, you read lines until you
get to the next boundary "--...", but don't honour
maxlen whilst doing so. I'd consider this to be a bug
and would even be happy to have a go at fixing
it as my first contribution to Python, should others
concur with me... :-)

@adr26 adr26 mannequin added stdlib Python modules in the Lib dir labels Nov 27, 2005
@devdanzin devdanzin mannequin added type-bug An unexpected behavior, bug, or error labels Mar 30, 2009
@BreamoreBoy
Copy link
Mannequin

BreamoreBoy mannequin commented Jul 10, 2010

Andrew could you please provide a patch.

@BreamoreBoy
Copy link
Mannequin

BreamoreBoy mannequin commented Aug 30, 2010

No reply to msg109880.

@BreamoreBoy BreamoreBoy mannequin closed this as completed Aug 30, 2010
@BreamoreBoy BreamoreBoy mannequin closed this as completed Aug 30, 2010
@bitdancer bitdancer reopened this Aug 31, 2010
@bitdancer bitdancer added the stale Stale PR or inactive for long period of time. label Aug 31, 2010
@bitdancer bitdancer reopened this Aug 31, 2010
@bitdancer bitdancer added the stale Stale PR or inactive for long period of time. label Aug 31, 2010
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
@hugovk
Copy link
Member

hugovk commented Apr 11, 2022

Let's close this old issue, the cgi module is deprecated in 3.11 and set for removal in 3.13.

See PEP 594 – Removing dead batteries from the standard library, #91217 and #32410.

There's a fork at https://pypi.org/project/legacy-cgi/.

@hugovk hugovk closed this as completed Apr 11, 2022
@AlexWaygood
Copy link
Member

Let's close this old issue, the cgi module is deprecated in 3.11 and set for removal in 3.13.

See PEP 594 – Removing dead batteries from the standard library, #91217 and #32410.

There's a fork at https://pypi.org/project/legacy-cgi/.

Cc. @adr26

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bitdancer @hugovk @AlexWaygood