Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cgi.parse_multipart does not have an associated "errors" parameter with its "encoding" parameter #77678

Closed
hawkowl mannequin opened this issue May 14, 2018 · 8 comments
Closed

cgi.parse_multipart does not have an associated "errors" parameter with its "encoding" parameter #77678

hawkowl mannequin opened this issue May 14, 2018 · 8 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes type-bug An unexpected behavior, bug, or error

Comments

@hawkowl
Copy link
Mannequin

hawkowl mannequin commented May 14, 2018

BPO 33497
Nosy @ned-deily, @serhiy-storchaka, @hawkowl
PRs
  • bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors #6804
  • [3.7] bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) #6837
  • bpo-33497: Add NEWS and ACKS entries. #6838
  • [3.7] bpo-33497: Add NEWS and ACKS entries. (GH-6838) #6840
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2018-05-14.22:22:48.621>
created_at = <Date 2018-05-14.14:30:10.229>
labels = ['3.8', 'type-bug', '3.7']
title = 'cgi.parse_multipart does not have an associated "errors" parameter with its "encoding" parameter'
updated_at = <Date 2018-05-15.11:45:32.537>
user = 'https://github.com/hawkowl'

    bugs.python.org fields:

    activity = <Date 2018-05-15.11:45:32.537>
actor = 'hawkowl'
assignee = 'none'
closed = True
closed_date = <Date 2018-05-14.22:22:48.621>
closer = 'ned.deily'
components = []
creation = <Date 2018-05-14.14:30:10.229>
creator = 'hawkowl'
dependencies = []
files = []
hgrepos = []
issue_num = 33497
keywords = ['patch']
message_count = 8.0
messages = ['316510', '316593', '316594', '316596', '316598', '316599', '316601', '316640']
nosy_count = 3.0
nosy_names = ['ned.deily', 'serhiy.storchaka', 'hawkowl']
pr_nums = ['6804', '6837', '6838', '6840']
priority = None
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue33497'
versions = ['Python 3.7', 'Python 3.8']
    @hawkowl
    Copy link
    Mannequin Author

    hawkowl mannequin commented May 14, 2018

    Lack of this parameter means that you may get an exception (if the incoming data is an invalid encoding) you can not get around.

    This causes Twisted to be unable to provide a compatible API on Python 3.7.

    @hawkowl hawkowl mannequin added 3.7 (EOL) end of life type-bug An unexpected behavior, bug, or error labels May 14, 2018
    @ned-deily ned-deily added the 3.8 only security fixes label May 14, 2018
    @ned-deily
    Copy link
    Member

    New changeset 545c955 by Ned Deily (Amber Brown) in branch 'master':
    bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804)
    545c955

    @ned-deily
    Copy link
    Member

    New changeset d063b84 by Ned Deily in branch 'master':
    bpo-33497: Add NEWS and ACKS entries. (GH-6838)
    d063b84

    @ned-deily
    Copy link
    Member

    New changeset e8f968d by Ned Deily (Miss Islington (bot)) in branch '3.7':
    bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in FieldStorage use the given errors (GH-6804) (GH-6837)
    e8f968d

    @ned-deily
    Copy link
    Member

    New changeset 5195039 by Ned Deily (Miss Islington (bot)) in branch '3.7':
    bpo-33497: Add NEWS and ACKS entries. (GH-6838) (GH-6840)
    5195039

    @ned-deily
    Copy link
    Member

    Thanks for the report and the PR, @hawkowl! Merged for 3.7.0rc1.

    @serhiy-storchaka
    Copy link
    Member

    Is 'replace' the good default value? 'strict' is the default value for most encoding/decoding operations. 'surrogateescape' is used if the failure and the loss of information are not desirable (like in filenames decoding). 'backslashreplace' is good if we want to avoid a failure, but want to expose undecodable bytes in human-readable form.

    @hawkowl
    Copy link
    Mannequin Author

    hawkowl mannequin commented May 15, 2018

    This change mirrors the default in FieldStorage (which it calls). If it's not the best option, then it would need to be changed in FieldStorage too.

    (personally, I don't like strict because UnicodeDecodeErrors on untrusted user input kind of sucks, but also replace is kind of broken as well.)

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    3 participants
    @serhiy-storchaka @Yhg1s @ned-deily