Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Python>
  3. Bugs
The Python 1.5.2 cgi module doesn't handle PUT requests properly
jim at digicool
Jun 1, 1999, 1:10 PM
Post #1 of 2 (964 views)
Permalink
The cgi module in Python 1.5.2 sets the content-type to
application/x-www-form-urlencoded when no content-type header is
provided. This is an error. It is legal for HTTP requests to
ommit this header and most (or at least the most widely used ;)
clients don't include a content type in PUT requests, which are
used by many publishing tools.

I've attached a context diff that fixes this problem.

Jim

--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.

Attached Files:

  • text/plain t (1.93 KB)
Re: The Python 1.5.2 cgi module doesn't handle PUT requests properly [ In reply to ]
guido at CNRI
Jun 1, 1999, 2:14 PM
Post #2 of 2 (947 views)
Permalink
> The cgi module in Python 1.5.2 sets the content-type to
> application/x-www-form-urlencoded when no content-type header is
> provided. This is an error. It is legal for HTTP requests to
> ommit this header and most (or at least the most widely used ;)
> clients don't include a content type in PUT requests, which are
> used by many publishing tools.
>
> I've attached a context diff that fixes this problem.

Jim,

I don't know how you found the python-bugs mailing address -- it's
best not to use it until we announce it. Our Jitterbug experiments
are still in a very early phase (if you have a better solution for bug
tracking e.g. whatever you use for Zope, I'd appreciate trying it
out...).

In response to your problem report, the situation is more complicated
than you think. Classically, cgi.py is used only to handle GET and
POST requests (not PUT) and for POST, unfortunately there are clients
out there that send a POST command with urlencoded data without a
content-type header. The code in 1.5.1 always defaulted to text/plain
(as your proposed fix does), but this caused problems when a POST
request forgot the content-type header. (Unfortunately I've forgotten
who reported this -- perhaps it was Mike Meyer. This is why we need a
bug tracking system!) Anyway it has been in 1.5.2b2 and c1 (Yes, I
know you were too busy to try those out.)

Would it help if I changed the code so that urlencoded is only used as
the default when there is no outer boundary *and* the method is POST?

Like this:

Index: cgi.py
===================================================================
RCS file: /projects/cvsroot/python/dist/src/Lib/cgi.py,v
retrieving revision 1.42
diff -c -r1.42 cgi.py
*** cgi.py 1999/01/08 17:42:03 1.42
--- cgi.py 1999/06/01 21:13:15
***************
*** 841,847 ****
# but it happens to be something we don't understand.
if self.headers.has_key('content-type'):
ctype, pdict = parse_header(self.headers['content-type'])
! elif self.outerboundary:
ctype, pdict = "text/plain", {}
else:
ctype, pdict = 'application/x-www-form-urlencoded', {}
--- 841,847 ----
# but it happens to be something we don't understand.
if self.headers.has_key('content-type'):
ctype, pdict = parse_header(self.headers['content-type'])
! elif self.outerboundary or method != 'POST':
ctype, pdict = "text/plain", {}
else:
ctype, pdict = 'application/x-www-form-urlencoded', {}

--Guido van Rossum (home page: http://www.python.org/~guido/)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal