Issue 23952: cgi: Document the 'maxlen' member of the cgi module

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/68140

classification

Title:	cgi: Document the 'maxlen' member of the cgi module
Type:	enhancement	Stage:	resolved
Components:	Documentation, Library (Lib)	Versions:	Python 3.11

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	docs@python	Nosy List:	deadpixi, docs@python, ethan.furman, hugovk, iritkatriel, yatink
Priority:	normal	Keywords:	easy, newcomer friendly, patch

Created on 2015-04-14 17:58 by deadpixi, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 30338	merged	hugovk, 2022-01-02 20:12

Messages (2)
msg240965 - (view)	Author: Rob King (deadpixi)	Date: 2015-04-14 17:58
The cgi module has a global variable, 'maxlen', that specifies the maximum length of a POST request. By default, this limit is 0, meaning an unlimited POST request size. Having an unlimited default opens up CGI scripts to resource-exhaustion attacks. Setting the maxlen variable to a nonzero integer solves this problem, but this fix is not in the official documentation - neither the reference manual nor the module's docstring. I would recommend augmenting the module's docstring with the following statement: "The maxlen variable can be set to an integer indicating the maximum size of a POST request. POST requests larger than this size will result in a ValueError being raised during parsing. The default value of this variable is 0, meaning the request size is unlimited."
msg412633 - (view)	Author: Ethan Furman (ethan.furman) *	Date: 2022-02-06 13:59
New changeset 6c4e44ef8ab550f846ba056d4561efb8256b8eab by Hugo van Kemenade in branch 'main': bpo-23952: Document cgi module's maxlen variable (GH-30338) https://github.com/python/cpython/commit/6c4e44ef8ab550f846ba056d4561efb8256b8eab

History
Date	User	Action	Args
2022-04-11 14:58:15	admin	set	github: 68140
2022-02-06 14:00:05	ethan.furman	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2022-02-06 13:59:38	ethan.furman	set	messages: + msg412633
2022-01-02 20:42:12	ethan.furman	set	nosy: + ethan.furman
2022-01-02 20:12:29	hugovk	set	keywords: + patch nosy: + hugovk pull_requests: + pull_request28550 stage: needs patch -> patch review
2021-12-29 20:28:11	yatink	set	nosy: + yatink
2021-11-21 17:50:24	iritkatriel	set	messages: - msg406733
2021-11-21 17:48:54	iritkatriel	set	type: enhancement components: + Library (Lib) versions: + Python 3.11, - Python 3.7, Python 3.8 keywords: + easy, newcomer friendly nosy: + iritkatriel messages: + msg406733
2018-03-25 23:29:23	cheryl.sabella	set	nosy: + docs@python title: Document the 'maxlen' member of the cgi module -> cgi: Document the 'maxlen' member of the cgi module assignee: docs@python versions: + Python 3.7, Python 3.8, - Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6 components: + Documentation stage: needs patch
2015-04-14 17:58:17	deadpixi	set	versions: + Python 2.7, Python 3.2, Python 3.3
2015-04-14 17:58:05	deadpixi	create