Author adr26
Recipients
Date 2005-11-27.17:47:58
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to
Content
I have a simple form in HTML to upload a file:

<form action="http://foo/cgi-bin/test.py" 
enctype="multipart/form-data" method="post">
<p>
Please specify a file:<br>
<input type="file" name="file_1" size="40">
</p>
<p>
<input type="submit" value="Send">
</p>
</form>

I use this to post to a CGI python script that looks 
like this:

import cgi
import cgitb; cgitb.enable()

cgi.maxlen = 50

print "Content-type: text/plain"
print

q = cgi.parse()
print q

I was expecting that cgi.pm would then throw an 
exception if I send a file > 50 bytes long to it. If 
I construct a FieldStorage object, it certainly
does:

form = cgi.FieldStorage()
print form

The issue is that in parse_multipart() in cgi.pm, if 
a part of a multi-part message does not have the 
Content-Length header, you read lines until you
get to the next boundary "--...", but don't honour 
maxlen whilst doing so. I'd consider this to be a bug 
and would even be happy to have a go at fixing
it as my first contribution to Python, should others 
concur with me... :-)
History
Date User Action Args
2007-08-23 14:36:23adminlinkissue1367631 messages
2007-08-23 14:36:23admincreate