Opened 9 years ago

Closed 9 years ago

#3733 defect closed duplicate (duplicate)

limits web2/server.py - parsePOSTData limits are not passed in case of application/x-www-form-url-encode

Reported by: georgik Owned by:
Priority: normal Milestone:
Component: web2 Keywords: web2, postable resouece
Cc: Branch:
Author:

Description

Related to web2/server.py - revision 26753

There are limits in method parsePOSTData - maxMem, maxFields, maxSize. Those limits are passed to fileupload.parseMultipartFromData, in case of multipart conent

line 119

d = fileupload.parseMultipartFromData(request.stream, boundary, maxMem, maxFields, maxSize)

That's ok.

In case of application/x-www-form-urlencoded, limits are not passed to subsequent function

  • line 108
d = fileupload.parse_urlencoded(request.stream)

As you can see, limits are ignored.

Simple fix:

d = fileupload.parse_urlencoded(request.stream, maxMem, maxFields)

How to simulate this problem: Just try to upload form field with size more than 100k via POST.

Change History (2)

comment:1 Changed 9 years ago by Jean-Paul Calderone

Resolution: duplicate
Status: newclosed

See #3732

comment:2 Changed 7 years ago by <automation>

Owner: David Reid deleted
Note: See TracTickets for help on using tickets.