Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`. (cherry picked from commit 2091448)
You must update the documentation as well: https://bugs.python.org/issue34866#msg328401
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase

Thanks for the info @vstinner, I added those changes in 90ab0d5. For @bedevere-bot: I have made the requested changes; please review again.

Thanks for making the requested changes! @vstinner: please review the changes made to this pull request.
LGTM.
Please write a PR for the master branch to document the new parameter.
| Use the :func:`urllib.urlencode` function to convert such dictionaries into | ||
| query strings. | ||
|
|
||
| .. versionadded:: 2.6 | ||
| Copied from the :mod:`cgi` module. | ||
|
|
||
| .. versionchanged:: 2.7.16 | ||
| Added *max_num_fields* param. |
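Review bot: the versionchanged entry on the last line of this hunk names *max_num_fields* but not what it bounds or what its default is, so a reader arriving from the changelog cannot tell that it is a limit on the number of parsed fields meant to make DoS attacks harder. Suggest adding one clause to that effect, or describing the parameter in the function text above if it is not already covered there.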
Oh, please replace "param" with "parameter".
| Use the :func:`urllib.urlencode` function to convert such lists of pairs into | ||
| query strings. | ||
|
|
||
| .. versionadded:: 2.6 | ||
| Copied from the :mod:`cgi` module. | ||
|
|
||
| .. versionchanged:: 2.7.16 | ||
| Added *max_num_fields* param. |
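Review bot: the versionchanged line closing this hunk does not say what a caller sees when a query string has more fields than *max_num_fields* allows. State that outcome in the entry so callers know what to handle.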
Ditto.
Okay this is ready for review again @vstinner
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`. (cherry picked from commit 2091448)
https://bugs.python.org/issue34866
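
An added example (not code from this pull request or from CPython) of how a request handler can use the limit described above, written against Python 3's `urllib.parse.parse_qsl`, which accepts the same `max_num_fields` parameter. The names `parse_form` and `constructed_flood` and both limit values are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl

MAX_FIELDS = 100             # assumed per-request field limit
MAX_BODY_BYTES = 64 * 1024   # assumed cap on the raw urlencoded body


def parse_form(body, max_fields=MAX_FIELDS, max_bytes=MAX_BODY_BYTES):
    """Parse an urlencoded body (str) and return (status, pairs).

    200 -> parsed (name, value) pairs
    413 -> raw body larger than max_bytes
    400 -> more fields than max_fields
    """
    if len(body.encode("utf-8")) > max_bytes:
        return 413, []
    try:
        # parse_qsl raises ValueError when the body holds more than
        # max_num_fields fields, so no per-field objects are built
        # for an oversized request.
        pairs = parse_qsl(body, keep_blank_values=True,
                          max_num_fields=max_fields)
    except ValueError:
        return 400, []
    return 200, pairs


def constructed_flood(n):
    """Constructed sample input: n tiny fields in one small body."""
    return "&".join("k%d=v" % i for i in range(n))


if __name__ == "__main__":
    # A 5000-field body is only about 33 KB, so the size cap alone lets it
    # through; the field limit is what rejects it.
    for n in (3, 100, 101, 5000):
        body = constructed_flood(n)
        status, pairs = parse_form(body)
        print(n, "fields,", len(body), "bytes ->", status, len(pairs))
```
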