Message129400
It does work (Python 2.7.1 here):
>>> import cgi
>>> cgi.parse_header('Content-Disposition: form-data; name=""%22"')
('Content-Disposition: form-data', {'name': '"%22'})
>>> cgi.parse_header('Content-Disposition: form-data; name="\\"%22"')
('Content-Disposition: form-data', {'name': '"%22'})
However as the unescaping is done sequential .replace, one can construct a header to make it unescape incorrectly:
>>> cgi.parse_header('Content-Disposition: form-data; name="\\\\"%22"')
('Content-Disposition: form-data', {'name': '"%22'})
Which should be:
('Content-Disposition: form-data', {'name': '\\"%22'})
That probably doesn't matter anyway. |
|
Date |
User |
Action |
Args |
2011-02-25 18:47:00 | mlk | set | recipients:
+ mlk, v+python, r.david.murray |
2011-02-25 18:47:00 | mlk | set | messageid: <1298659620.06.0.00772703045477.issue11269@psf.upfronthosting.co.za> |
2011-02-25 18:46:57 | mlk | link | issue11269 messages |
2011-02-25 18:46:57 | mlk | create | |
|