This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: maximum length not enforced in cgi.parse()
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 3.1, Python 3.2, Python 2.7
process
Status: languishing Resolution: wont fix
Dependencies: Superseder:
Assigned To: Nosy List: adr26
Priority: normal Keywords:

Created on 2005-11-27 17:47 by adr26, last changed 2022-04-11 14:56 by admin.

Messages (3)
msg26928 - (view) Author: Andrew Rogers (adr26) Date: 2005-11-27 17:47
I have a simple form in HTML to upload a file:

<form action="http://foo/cgi-bin/test.py" 
enctype="multipart/form-data" method="post">
<p>
Please specify a file:<br>
<input type="file" name="file_1" size="40">
</p>
<p>
<input type="submit" value="Send">
</p>
</form>

I use this to post to a CGI python script that looks 
like this:

import cgi
import cgitb; cgitb.enable()

cgi.maxlen = 50

print "Content-type: text/plain"
print

q = cgi.parse()
print q

I was expecting that cgi.pm would then throw an 
exception if I send a file > 50 bytes long to it. If 
I construct a FieldStorage object, it certainly
does:

form = cgi.FieldStorage()
print form

The issue is that in parse_multipart() in cgi.pm, if 
a part of a multi-part message does not have the 
Content-Length header, you read lines until you
get to the next boundary "--...", but don't honour 
maxlen whilst doing so. I'd consider this to be a bug 
and would even be happy to have a go at fixing
it as my first contribution to Python, should others 
concur with me... :-)
msg109880 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2010-07-10 15:36
Andrew could you please provide a patch.
msg115231 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2010-08-30 16:50
No reply to msg109880.
History
Date User Action Args
2022-04-11 14:56:14adminsetgithub: 42628
2014-02-03 19:54:39BreamoreBoysetnosy: - BreamoreBoy
2010-08-31 03:41:34r.david.murraysetstatus: closed -> languishing
2010-08-30 16:50:01BreamoreBoysetstatus: open -> closed
resolution: wont fix
messages: + msg115231
2010-07-10 15:36:42BreamoreBoysetnosy: + BreamoreBoy

messages: + msg109880
versions: + Python 3.1, Python 2.7, Python 3.2, - Python 2.6, Python 3.0
2009-03-30 22:09:42ajaksu2setstage: test needed
type: behavior
versions: + Python 2.6, Python 3.0, - Python 2.4
2005-11-27 17:47:58adr26create