classification
Title: cgi.parse_header fails on double quotes and semicolons
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.2, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Ben.Darnell, orsenthil, petri.lehtinen, python-dev, r.david.murray
Priority: normal Keywords: needs review, patch

Created on 2011-07-10 20:56 by Ben.Darnell, last changed 2011-10-20 16:34 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
issue12529.patch petri.lehtinen, 2011-07-15 18:46 Test & fix
Messages (7)
msg140091 - (view) Author: Ben Darnell (Ben.Darnell) * Date: 2011-07-10 20:56
cgi.parse_header doesn't work on headers that contain combinations of double quotes and semicolons (although it works with either type of character individually).  

>>> cgi.parse_header('form-data; name="files"; filename="fo\\"o;bar"')
('form-data', {'name': 'files', 'filename': '"fo\\"o'})

This issue is present in python 2.7 and 3.2.  One solution is to change _parseparam as follows (same as email.message._parseparam):

def _parseparam(s):
    while s[:1] == ';':
        s = s[1:]
        end = s.find(';')
        while end > 0 and (s.count('"', 0, end) - s.count('\\"', 0, end)) % 2:
            end = s.find(';', end + 1)
        if end < 0:
            end = len(s)
        f = s[:end]
        yield f.strip()
        s = s[end:]
msg140097 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2011-07-11 02:02
The email module header parser handles this correctly (if you make it a real header).  For whatever that's worth :)
msg140453 - (view) Author: Petri Lehtinen (petri.lehtinen) * (Python committer) Date: 2011-07-15 18:46
Attached a patch against 2.7. It adds Ben's example as a test case, and his one-line change to the _parseparam helper function to fix the issue.
msg145919 - (view) Author: Roundup Robot (python-dev) Date: 2011-10-19 16:53
New changeset 489237756488 by Senthil Kumaran in branch '2.7':
Fix closes Issue12529 - cgi.parse_header failure on double quotes and
http://hg.python.org/cpython/rev/489237756488
msg145920 - (view) Author: Roundup Robot (python-dev) Date: 2011-10-19 17:07
New changeset f5bd78b11275 by Senthil Kumaran in branch '3.2':
3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
http://hg.python.org/cpython/rev/f5bd78b11275

New changeset 8564d2b240b6 by Senthil Kumaran in branch 'default':
default - Fix closes Issue12529 - cgi.parse_header failure on double quotes and
http://hg.python.org/cpython/rev/8564d2b240b6
msg145921 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2011-10-19 17:08
Thanks for the patch, Petri and Ben.Darnell.
msg146026 - (view) Author: Roundup Robot (python-dev) Date: 2011-10-20 16:34
New changeset cfc545e028e0 by Senthil Kumaran in branch '3.2':
News entry for Issue12529 and Issue12604
http://hg.python.org/cpython/rev/cfc545e028e0

New changeset 52a4e899966c by Senthil Kumaran in branch 'default':
News entry for Issue12529 and Issue12604
http://hg.python.org/cpython/rev/52a4e899966c

New changeset 6f7ddbfafbb0 by Senthil Kumaran in branch '2.7':
News entry for Issue12529 and Issue12604
http://hg.python.org/cpython/rev/6f7ddbfafbb0
History
Date User Action Args
2011-10-20 16:34:55python-devsetmessages: + msg146026
2011-10-19 17:08:20orsenthilsetnosy: + orsenthil
messages: + msg145921
2011-10-19 17:07:16python-devsetmessages: + msg145920
2011-10-19 16:53:09python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg145919

resolution: fixed
stage: patch review -> resolved
2011-07-15 18:46:27petri.lehtinensetfiles: + issue12529.patch

components: + Library (Lib)
versions: + Python 2.7, Python 3.2
keywords: + patch, needs review
nosy: + petri.lehtinen

messages: + msg140453
stage: patch review
2011-07-11 02:02:20r.david.murraysetnosy: + r.david.murray
messages: + msg140097
2011-07-10 20:56:04Ben.Darnellcreate