Author taleinat
Recipients MHordecki, efosmark, eric.araujo, flox, jonas.wagner, milesck, quentel, r.david.murray, taleinat, vstinner
Date 2011-07-04.07:55:57
SpamBayes Score 1.20924e-10
Marked as misclassified No
Message-id <>
The patch seems broken to me.

In cgi.parse_multipart(), the 'boundary' variable can be a string even though it is concatenated to bytes. Its default value is a string, and a string can be given via the pdict argument. There is no validity check other than valid_boundary(), which allows both string and bytes.

Most of the changes to are entirely unrelated. The one test added which tests cgi.parse_multipart() should fail since it uses a string (not bytes) boundary, while the correct boundary for the test is commented out.

I short this patch seems half-baked. IMO reject this patch and fix just the bytes/strings issue with cgi.parse_multipart. Or, as mentioned in the comments, use FieldStorage to implement it and be done with it.
Date User Action Args
2011-07-04 07:55:58taleinatsetrecipients: + taleinat, vstinner, eric.araujo, jonas.wagner, r.david.murray, efosmark, milesck, MHordecki, flox, quentel
2011-07-04 07:55:58taleinatsetmessageid: <>
2011-07-04 07:55:57taleinatlinkissue12411 messages
2011-07-04 07:55:57taleinatcreate