summaryrefslogtreecommitdiff
path: root/Lib/cgi.py
Commit message (Collapse)AuthorAgeFilesLines
* bpo-42967: only use '&' as a query string separator (#24297)Adam Goldschmidt2021-02-141-9/+14
| | | | | | | | | | | bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Éric Araujo <merwok@netwok.org>
* Correct referenced RFC number in cgi module (GH-22827)Mike Lei2020-12-161-1/+1
| | | The quoted sentence can be found from the last paragraph of RFC 2046, Section 5.1, while the content of RFC 2026 is unrelated to this module.
* bpo-34226: fix cgi.parse_multipart without content_length (GH-8530)roger2020-06-151-2/+6
| | | | | | | | | In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH header, this fix remove this header as required and fix FieldStorage read_lines_to_outerboundary, by not using limit when it's negative, since by default it's -1 if not content-length and keeps substracting what was read from the file object. Also added a test case for this problem.
* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has… ↵Pierre Quentel2019-09-111-3/+5
| | | | | | | | | | | | (#10638) * bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header * Add Misc/NEWS.d/next file. * Add rst formatting for NEWS.d/next file * Reaplce assert by self.assertEqual
* bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)matthewbelisle-wf2018-10-231-11/+12
| | | https://bugs.python.org/issue35028
* bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)matthewbelisle-wf2018-10-191-9/+25
| | | | Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
* bpo-33843: Remove deprecated stuff in cgi module (GH-7662)INADA Naoki2018-06-191-31/+2
|
* bpo-33497: Add errors param to cgi.parse_multipart and make an encoding in ↵Amber Brown2018-05-141-4/+6
| | | | FieldStorage use the given errors (GH-6804)
* bpo-29979: Rewrite cgi.parse_multipart to make it consistent with ↵Pierre Quentel2017-05-081-91/+14
| | | | FieldStorage (#991)
* bpo-30144: Import collections ABC from collections.abc rather than ↵Serhiy Storchaka2017-04-241-1/+1
| | | | collections. (#1263)
* Issue #27105: Add cgi.test() to __all__, based on Jacek Kołodziej’s patchMartin Panter2016-06-061-1/+1
|
* Issue #27076: Doc, comment and tests spelling fixesMartin Panter2016-05-261-1/+1
| | | | Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
* (Merge 3.4) cgi.FieldStorage.read_multi ignores Content-LengthVictor Stinner2015-08-181-0/+5
|\ | | | | | | | | | | Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length header in part headers. Patch written by Peter Landry and reviewed by Pierre Quentel.
| * cgi.FieldStorage.read_multi ignores Content-LengthVictor Stinner2015-08-181-0/+5
| | | | | | | | | | | | Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length header in part headers. Patch written by Peter Landry and reviewed by Pierre Quentel.
* | merge 3.4 (#23801)Benjamin Peterson2015-03-291-2/+7
|\ \ | |/
| * Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorageDonald Stufft2015-03-291-2/+7
| |
* | Issue #20289: cgi.FieldStorage() now supports the context management protocol.Berker Peksag2015-02-061-0/+6
|/
* remove unused argument (closes #21135)Benjamin Peterson2014-04-031-1/+1
|
* merge from 3.3Senthil Kumaran2014-01-111-2/+12
|\ | | | | | | | | | | Issue #19092 - Raise a correct exception when cgi.FieldStorage is given an invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage object.
| * Issue #19092 - Raise a correct exception when cgi.FieldStorage is given anSenthil Kumaran2014-01-111-2/+12
| | | | | | | | | | invalid file-obj. Also use __bool__ to determine the bool of the FieldStorage object.
* | Closes #17335: remove no-op assignment.Georg Brandl2013-10-131-1/+0
| |
* | Issue #18394: Explicitly close the file object cgi.FieldStorageBrett Cannon2013-08-231-0/+6
| | | | | | | | | | | | | | | | caches. Eliminates the ResoureWarning raised during testing. Patch also independently written by Vajrasky Kok.
* | Merge #18013: Fix cgi.FieldStorage to parse the W3C sample form.Florent Xicluna2013-07-071-1/+1
|\ \ | |/
| * Issue #18013: Fix cgi.FieldStorage to parse the W3C sample form.Florent Xicluna2013-07-071-1/+1
| |
* | Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-dataSerhiy Storchaka2013-06-171-0/+9
|\ \ | |/ | | | | when \r\n appears at end of 65535 bytes without other newlines.
| * Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-dataSerhiy Storchaka2013-06-171-0/+9
| | | | | | | | when \r\n appears at end of 65535 bytes without other newlines.
* | merge from 3.3Senthil Kumaran2013-01-231-9/+9
|\ \ | |/ | | | | | | Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and bytes data. Patch by Jonas Wagner.
| * merge from 3.2Senthil Kumaran2013-01-231-9/+9
| |\ | | | | | | | | | | | | Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries and bytes data. Patch by Jonas Wagner.
| | * Issue #12411: Fix to cgi.parse_multipart to correctly use bytes boundaries andSenthil Kumaran2013-01-231-9/+9
| | | | | | | | | | | | bytes data. Patch by Jonas Wagner.
* | | Replace IOError with OSError (#16715)Andrew Svetlov2012-12-251-1/+1
| | |
* | | Use OESeeror instead of os.error (#16720)Andrew Svetlov2012-12-241-1/+1
| | | | | | | | | | | | Patch by Serhiy Storchaka.
* | | Issue #16706: get rid of os.errorAndrew Svetlov2012-12-181-1/+1
|/ /
* | Issue #13248: turn 3.2's PendingDeprecationWarning into 3.3's ↵Florent Xicluna2011-12-101-1/+1
| | | | | | | | DeprecationWarning (cgi, importlib, nntplib, smtpd).
* | default - Fix closes Issue12529 - cgi.parse_header failure on double quotes andSenthil Kumaran2011-10-201-1/+1
|\ \ | |/ | | | | semicolons. Patch by Ben Darnell and Petri Lehtinen.
| * 3.2 - Fix closes Issue12529 - cgi.parse_header failure on double quotes andSenthil Kumaran2011-10-201-1/+1
| | | | | | | | semicolons. Patch by Ben Darnell and Petri Lehtinen.
* | Add cgi.closelog() function to close the log fileVictor Stinner2011-07-141-1/+10
|/
* cgi: use isinstance(x, list) instead of type(x) == type([])Victor Stinner2011-01-141-3/+3
|
* Issue #4953: cgi.FieldStorage and cgi.parse() parse the request as bytes, notVictor Stinner2011-01-141-63/+169
| | | | | as unicode, and accept binary files. Add encoding and errors attributes to cgi.FieldStorage.
* #2830: add html.escape() helper and move cgi.escape() uses in the standard ↵Georg Brandl2010-10-151-12/+13
| | | | library to it. It defaults to quote=True and also escapes single quotes, which makes casual use safer. The cgi.escape() interface is not touched, but emits a (silent) PendingDeprecationWarning.
* Fix Issue7007 - Use percent-encoded consistently instead of URL Encoded ↵Senthil Kumaran2010-08-091-2/+2
| | | | variations. Changes in Modules.
* Merged revisions 78844 via svnmerge fromBenjamin Peterson2010-03-111-1/+1
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r78844 | benjamin.peterson | 2010-03-11 16:03:45 -0600 (Thu, 11 Mar 2010) | 1 line revert r78842 cgi.py change ........
* Merged revisions 78841-78842 via svnmerge fromBenjamin Peterson2010-03-111-1/+1
| | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r78841 | benjamin.peterson | 2010-03-11 15:50:45 -0600 (Thu, 11 Mar 2010) | 1 line remove executable property from doc files ........ r78842 | benjamin.peterson | 2010-03-11 15:53:25 -0600 (Thu, 11 Mar 2010) | 1 line use proper shebang lines ........
* #4351: more appropriate DeprecationWarning stacklevelsPhilip Jenvey2009-05-081-2/+2
|
* Merged revisions 67528 via svnmerge fromFred Drake2008-12-041-3/+15
| | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r67528 | fred.drake | 2008-12-04 13:25:17 -0500 (Thu, 04 Dec 2008) | 4 lines Issue #1055234: cgi.parse_header(): Fixed parsing of header parameters to support unusual filenames (such as those containing semi-colons) in Content-Disposition headers. ........
* Added a warning filter to don't show the warning duringFacundo Batista2008-09-091-1/+1
| | | | the tests. Also fixed the warning message in cgi.py
* Issue 600362: Relocated parse_qs() and parse_qsl(), from the cgi moduleFacundo Batista2008-09-031-68/+17
| | | | | to the urlparse one. Added a DeprecationWarning in the old module, it will be deprecated in the future. Docs and tests updated.
* Merged revisions ↵Benjamin Peterson2008-07-021-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 64434-64435,64440-64443,64445,64447-64448,64450,64452,64455,64461,64464,64466,64468 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r64434 | andrew.kuchling | 2008-06-20 18:13:58 -0500 (Fri, 20 Jun 2008) | 1 line Remove request for e-mail; it's unlikely these classes will be saved ........ r64435 | andrew.kuchling | 2008-06-20 18:14:32 -0500 (Fri, 20 Jun 2008) | 1 line Grammar fixes ........ r64440 | andrew.kuchling | 2008-06-21 08:29:12 -0500 (Sat, 21 Jun 2008) | 1 line Docstring typo ........ r64441 | andrew.kuchling | 2008-06-21 08:47:20 -0500 (Sat, 21 Jun 2008) | 1 line Use repr() for bad input strings; this makes the empty string or binary characters more visible ........ r64442 | andrew.kuchling | 2008-06-21 08:48:38 -0500 (Sat, 21 Jun 2008) | 1 line Docstring correction ........ r64443 | georg.brandl | 2008-06-21 09:26:19 -0500 (Sat, 21 Jun 2008) | 2 lines Documentation fix. ........ r64445 | facundo.batista | 2008-06-21 12:30:06 -0500 (Sat, 21 Jun 2008) | 3 lines Reviewed and updated the documentation. Fixes #3017. ........ r64447 | facundo.batista | 2008-06-21 13:58:04 -0500 (Sat, 21 Jun 2008) | 6 lines Now a from submitted via POST that also has a query string will contain both FieldStorage and MiniFieldStorage items. Fixes #1817. ........ r64448 | facundo.batista | 2008-06-21 14:48:19 -0500 (Sat, 21 Jun 2008) | 5 lines In the deprecated functions I added an alert to review specially a section of the subprocess documentation that helps with the replacing of those functionss. ........ r64450 | georg.brandl | 2008-06-22 04:05:29 -0500 (Sun, 22 Jun 2008) | 2 lines Turn section references into proper cross-references. ........ r64452 | facundo.batista | 2008-06-22 08:36:20 -0500 (Sun, 22 Jun 2008) | 5 lines Issue #2722. Now the char buffer to support the path string has not fixed length, it mallocs memory if needed. As a result, we don't have a maximum for the getcwd() method. ........ r64455 | facundo.batista | 2008-06-22 10:27:10 -0500 (Sun, 22 Jun 2008) | 4 lines Issue 3164. Small fix to don't repeat a comparation without necessity. ........ r64461 | georg.brandl | 2008-06-22 13:11:52 -0500 (Sun, 22 Jun 2008) | 2 lines #3085: Fix syntax error. ........ r64464 | georg.brandl | 2008-06-22 13:31:54 -0500 (Sun, 22 Jun 2008) | 2 lines Expand docstrings of sqlite3 functions. ........ r64466 | georg.brandl | 2008-06-22 14:07:59 -0500 (Sun, 22 Jun 2008) | 2 lines Write out "phi" consistently. ........ r64468 | facundo.batista | 2008-06-22 14:35:24 -0500 (Sun, 22 Jun 2008) | 4 lines Just returning nothing instead of rising TestSkipped, because it makes the test fail in the trunk.loewis-sun buildbot. ........
* Make a new urllib package .Jeremy Hylton2008-06-181-3/+3
| | | | | | | | | | | | | It consists of code from urllib, urllib2, urlparse, and robotparser. The old modules have all been removed. The new package has five submodules: urllib.parse, urllib.request, urllib.response, urllib.error, and urllib.robotparser. The urllib.request.urlopen() function uses the url opener from urllib2. Note that the unittests have not been renamed for the beta, but they will be renamed in the future. Joint work with Senthil Kumaran.
* remove a mimetools importBenjamin Peterson2008-06-121-1/+0
|
* Patch for issue 2848, mostly by Humberto Diogenes, with a couple ofBarry Warsaw2008-06-121-2/+4
| | | | small fixes by Barry. This removes mimetools from the stdlib.
View Lorry Controller Status