From e6fe10d34096a23be7d26271cf6aba429313b01d Mon Sep 17 00:00:00 2001 From: Christian Sattler Date: Sun, 12 Dec 2021 09:41:12 +0100 Subject: bpo-45874: Handle empty query string correctly in urllib.parse.parse_qsl (#29716) --- Lib/test/test_cgi.py | 2 +- Lib/urllib/parse.py | 5 +++-- Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py index c1b893d3fe..06762f8872 100644 --- a/Lib/test/test_cgi.py +++ b/Lib/test/test_cgi.py @@ -51,7 +51,7 @@ def do_test(buf, method): return ComparableException(err) parse_strict_test_cases = [ - ("", ValueError("bad query field: ''")), + ("", {}), ("&", ValueError("bad query field: ''")), ("&&", ValueError("bad query field: ''")), # Should the next few really be valid? diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py index bf16d0f42e..67ba308c40 100644 --- a/Lib/urllib/parse.py +++ b/Lib/urllib/parse.py @@ -740,12 +740,13 @@ def parse_qsl(qs, keep_blank_values=False, strict_parsing=False, # is less than max_num_fields. This prevents a memory exhaustion DOS # attack via post bodies with many fields. if max_num_fields is not None: - num_fields = 1 + qs.count(separator) + num_fields = 1 + qs.count(separator) if qs else 0 if max_num_fields < num_fields: raise ValueError('Max number of fields exceeded') r = [] - for name_value in qs.split(separator): + query_args = qs.split(separator) if qs else [] + for name_value in query_args: if not name_value and not strict_parsing: continue nv = name_value.split('=', 1) diff --git a/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst new file mode 100644 index 0000000000..ef793cf30a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-12-02-11-55-45.bpo-45874.dtJIsN.rst @@ -0,0 +1,3 @@ +The empty query string, consisting of no query arguments, is now handled +correctly in ``urllib.parse.parse_qsl``. This caused problems before when +strict parsing was enabled. -- cgit v1.2.1