Issue 1367631: maximum length not enforced in cgi.parse() (original) (raw)

I have a simple form in HTML to upload a file:

Please specify a file:

I use this to post to a CGI python script that looks like this:

import cgi import cgitb; cgitb.enable()

cgi.maxlen = 50

print "Content-type: text/plain" print

q = cgi.parse() print q

I was expecting that cgi.pm would then throw an exception if I send a file > 50 bytes long to it. If I construct a FieldStorage object, it certainly does:

form = cgi.FieldStorage() print form

The issue is that in parse_multipart() in cgi.pm, if a part of a multi-part message does not have the Content-Length header, you read lines until you get to the next boundary "--...", but don't honour maxlen whilst doing so. I'd consider this to be a bug and would even be happy to have a go at fixing it as my first contribution to Python, should others concur with me... :-)