Issue508665
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2002-01-25 20:23 by cito, last changed 2022-04-10 16:04 by admin. This issue is now closed.
Messages (6) | |||
---|---|---|---|
msg38793 - (view) | Author: Christoph Zwerschke (cito) * | Date: 2002-01-25 20:23 | |
I found the parsing function "parse_qsl" in the module "cgi" to have some flaws. Especially, empty names are allowed, even if empty values are explicitly disallowed. If the latter are allowed, "?name=" is accepted, while "?name" is ignored. Often you want to use links like "?logout" or "?help". This is not possible, even if empty values are explicitly allowed. Also, "strict parsing" objects to "?name=", while it ignores "?name=a=b=c". My improvement suggestion: ------------- use ---------- for name_value in pairs: if strict_parsing: nv = name_value.split('=', 2) if len(nv) != 2 or not len(nv[0]): raise ValueError, "bad query field: %s" % `name_value` else: nv = name_value.split('=', 1).append('') if not len(nv[0]): continue if len(nv[1]) or keep_blank_values: name = urllib.unquote(nv[0].replace('+', ' ')) value = urllib.unquote(nv[1].replace('+', ' ')) r.append((name, value)) ----------- instead of -------- for name_value in pairs: nv = name_value.split('=', 1) if len(nv) != 2: if strict_parsing: raise ValueError, "bad query field: %s" % `name_value` continue if len(nv[1]) or keep_blank_values: name = urllib.unquote(nv[0].replace('+', ' ')) value = urllib.unquote(nv[1].replace('+', ' ')) r.append((name, value)) |
|||
msg38794 - (view) | Author: Christoph Zwerschke (cito) * | Date: 2002-01-25 20:41 | |
Logged In: YES user_id=193957 -------- better use: ---------- <pre> for name_value in pairs: if strict_parsing: nv = name_value.split('=', 2) if len(nv) != 2 or not len(nv[0]): raise ValueError, "bad query field: %s" % `name_value` else: nv = name_value.split('=', 1) if not len(nv[0]): continue if len(nv) != 2: nv.append('') if len(nv[1]) or keep_blank_values: name = urllib.unquote(nv[0].replace('+', ' ')) value = urllib.unquote(nv[1].replace('+', ' ')) r.append((name, value)) </pre> |
|||
msg38795 - (view) | Author: Brett Cannon (brett.cannon) * | Date: 2003-05-17 00:41 | |
Logged In: YES user_id=357491 The issue of "name=" compared to "name=a=b=c" has changed; both are allowed under strict parsing while "name" is not. The isue with "name" not being made a key with a blank value is still there. Christoph, any chance you can create a patch against the CVS version of cgi? |
|||
msg38796 - (view) | Author: Christoph Zwerschke (cito) * | Date: 2003-05-19 14:05 | |
Logged In: YES user_id=193957 The problem with empty names is still the same. Is this what you need? cvs diff cgi.py (in directory C:\Temp\python\python\dist\src\Lib\) Index: cgi.py ================================================ =================== RCS file: /cvsroot/python/python/dist/src/Lib/cgi.py,v retrieving revision 1.76 diff -r1.76 cgi.py 212,214c212,214 < nv = name_value.split('=', 1) < if len(nv) != 2: < if strict_parsing: --- > if strict_parsing: > nv = name_value.split('=', 2) > if len(nv) != 2 or not len(nv[0]): 216c216,221 < continue --- > else: > nv = name_value.split('=', 1) > if not len(nv[0]): > continue > if len(nv) != 2: > nv.append('') |
|||
msg38797 - (view) | Author: Tim Peters (tim.peters) * | Date: 2004-03-20 22:29 | |
Logged In: YES user_id=31435 Brett, since you seemed to know something about this, how about closing it? You just got the honor of having our oldest open patch assigned to you <wink>. |
|||
msg38798 - (view) | Author: Brett Cannon (brett.cannon) * | Date: 2004-03-21 22:28 | |
Logged In: YES user_id=357491 The case for having a control-name with no equal sign has been fixed to be acceptable when allow_blank_values is true. The case for having "name=a=b=c" was not changed, though. I could not find anywhere to say that is actually illegal. Also, the tests from test_cgi specifically test for this and allow it. Fixed in Lib/cgi.py, rev. 1.78 . |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-10 16:04:55 | admin | set | github: 35979 |
2002-01-25 20:23:58 | cito | create |