From d6476c2b9205e4596a7bef82ca88349b3de2b9c6 Mon Sep 17 00:00:00 2001 From: John Stark Date: Tue, 21 Jan 2025 20:33:52 +0100 Subject: [PATCH] Remove trust_x_headers Removes the trust_x_headers option for create_form_parser and associated tests. --- python_multipart/multipart.py | 13 ++----------- tests/test_multipart.py | 18 ------------------ 2 files changed, 2 insertions(+), 29 deletions(-) diff --git a/python_multipart/multipart.py b/python_multipart/multipart.py index 4decdb9..55a92fe 100644 --- a/python_multipart/multipart.py +++ b/python_multipart/multipart.py @@ -1241,7 +1241,7 @@ def data_callback(name: CallbackName, end_i: int, remaining: bool = False) -> No elif state == MultipartState.HEADER_VALUE_ALMOST_DONE: # The last character should be a LF. If not, it's an error. if c != LF: - msg = "Did not find LF character at end of header " "(found %r)" % (c,) + msg = "Did not find LF character at end of header (found %r)" % (c,) self.logger.warning(msg) e = MultipartParseError(msg) e.offset = i @@ -1783,7 +1783,6 @@ def create_form_parser( headers: dict[str, bytes], on_field: OnFieldCallback | None, on_file: OnFileCallback | None, - trust_x_headers: bool = False, config: dict[Any, Any] = {}, ) -> FormParser: """This function is a helper function to aid in creating a FormParser @@ -1796,8 +1795,6 @@ def create_form_parser( headers: A dictionary-like object of HTTP headers. The only required header is Content-Type. on_field: Callback to call with each parsed field. on_file: Callback to call with each parsed file. - trust_x_headers: Whether or not to trust information received from certain X-Headers - for example, the file - name from X-File-Name. config: Configuration variables to pass to the FormParser. """ content_type: str | bytes | None = headers.get("Content-Type") @@ -1813,14 +1810,8 @@ def create_form_parser( # We need content_type to be a string, not a bytes object. content_type = content_type.decode("latin-1") - # File names are optional. - if trust_x_headers: - file_name = headers.get("X-File-Name") - else: - file_name = None - # Instantiate a form parser. - form_parser = FormParser(content_type, on_field, on_file, boundary=boundary, file_name=file_name, config=config) + form_parser = FormParser(content_type, on_field, on_file, boundary=boundary, config=config) # Return our parser. return form_parser diff --git a/tests/test_multipart.py b/tests/test_multipart.py index 8d2944c..58ad8d4 100644 --- a/tests/test_multipart.py +++ b/tests/test_multipart.py @@ -1391,24 +1391,6 @@ def test_parse_form(self) -> None: # 15 - i.e. all data is written. self.assertEqual(on_file.call_args[0][0].size, 15) - @parametrize("trust_x_headers", [True, False]) - def test_parse_form_trust_x_false(self, trust_x_headers: bool) -> None: - on_field = Mock() - on_file = Mock() - - headers = {"Content-Type": b"application/octet-stream", "X-File-Name": b"foo.txt"} - parser = create_form_parser(headers, on_field, on_file, trust_x_headers=trust_x_headers) - parser.write(b"123456789012345") - parser.finalize() - - assert on_file.call_count == 1 - - # The first argument (a File Object) name should come from the X header only if allowed. - if trust_x_headers: - self.assertEqual(on_file.call_args[0][0].file_name, b"foo.txt") - else: - self.assertEqual(on_file.call_args[0][0].file_name, None) - def test_parse_form_content_length(self) -> None: files: list[FileProtocol] = []