Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

multipartparser.py 28KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796
  1. """
  2. Multi-part parsing for file uploads.
  3. Exposes one class, ``MultiPartParser``, which feeds chunks of uploaded data to
  4. file upload handlers for processing.
  5. """
  6. import base64
  7. import binascii
  8. import collections
  9. import html
  10. from urllib.parse import unquote
  11. from django.conf import settings
  12. from django.core.exceptions import (
  13. RequestDataTooBig,
  14. SuspiciousMultipartForm,
  15. TooManyFieldsSent,
  16. TooManyFilesSent,
  17. )
  18. from django.core.files.uploadhandler import SkipFile, StopFutureHandlers, StopUpload
  19. from django.utils.datastructures import MultiValueDict
  20. from django.utils.encoding import force_str
  21. from django.utils.regex_helper import _lazy_re_compile
  22. __all__ = ("MultiPartParser", "MultiPartParserError", "InputStreamExhausted")
  23. class MultiPartParserError(Exception):
  24. pass
  25. class InputStreamExhausted(Exception):
  26. """
  27. No more reads are allowed from this device.
  28. """
  29. pass
  30. RAW = "raw"
  31. FILE = "file"
  32. FIELD = "field"
  33. FIELD_TYPES = frozenset([FIELD, RAW])
  34. class MultiPartParser:
  35. """
  36. A rfc2388 multipart/form-data parser.
  37. ``MultiValueDict.parse()`` reads the input stream in ``chunk_size`` chunks
  38. and returns a tuple of ``(MultiValueDict(POST), MultiValueDict(FILES))``.
  39. """
  40. boundary_re = _lazy_re_compile(rb"[ -~]{0,200}[!-~]")
  41. def __init__(self, META, input_data, upload_handlers, encoding=None):
  42. """
  43. Initialize the MultiPartParser object.
  44. :META:
  45. The standard ``META`` dictionary in Django request objects.
  46. :input_data:
  47. The raw post data, as a file-like object.
  48. :upload_handlers:
  49. A list of UploadHandler instances that perform operations on the
  50. uploaded data.
  51. :encoding:
  52. The encoding with which to treat the incoming data.
  53. """
  54. # Content-Type should contain multipart and the boundary information.
  55. content_type = META.get("CONTENT_TYPE", "")
  56. if not content_type.startswith("multipart/"):
  57. raise MultiPartParserError("Invalid Content-Type: %s" % content_type)
  58. # Parse the header to get the boundary to split the parts.
  59. try:
  60. ctypes, opts = parse_header(content_type.encode("ascii"))
  61. except UnicodeEncodeError:
  62. raise MultiPartParserError(
  63. "Invalid non-ASCII Content-Type in multipart: %s"
  64. % force_str(content_type)
  65. )
  66. boundary = opts.get("boundary")
  67. if not boundary or not self.boundary_re.fullmatch(boundary):
  68. raise MultiPartParserError(
  69. "Invalid boundary in multipart: %s" % force_str(boundary)
  70. )
  71. # Content-Length should contain the length of the body we are about
  72. # to receive.
  73. try:
  74. content_length = int(META.get("CONTENT_LENGTH", 0))
  75. except (ValueError, TypeError):
  76. content_length = 0
  77. if content_length < 0:
  78. # This means we shouldn't continue...raise an error.
  79. raise MultiPartParserError("Invalid content length: %r" % content_length)
  80. if isinstance(boundary, str):
  81. boundary = boundary.encode("ascii")
  82. self._boundary = boundary
  83. self._input_data = input_data
  84. # For compatibility with low-level network APIs (with 32-bit integers),
  85. # the chunk size should be < 2^31, but still divisible by 4.
  86. possible_sizes = [x.chunk_size for x in upload_handlers if x.chunk_size]
  87. self._chunk_size = min([2**31 - 4] + possible_sizes)
  88. self._meta = META
  89. self._encoding = encoding or settings.DEFAULT_CHARSET
  90. self._content_length = content_length
  91. self._upload_handlers = upload_handlers
  92. def parse(self):
  93. # Call the actual parse routine and close all open files in case of
  94. # errors. This is needed because if exceptions are thrown the
  95. # MultiPartParser will not be garbage collected immediately and
  96. # resources would be kept alive. This is only needed for errors because
  97. # the Request object closes all uploaded files at the end of the
  98. # request.
  99. try:
  100. return self._parse()
  101. except Exception:
  102. if hasattr(self, "_files"):
  103. for _, files in self._files.lists():
  104. for fileobj in files:
  105. fileobj.close()
  106. raise
  107. def _parse(self):
  108. """
  109. Parse the POST data and break it into a FILES MultiValueDict and a POST
  110. MultiValueDict.
  111. Return a tuple containing the POST and FILES dictionary, respectively.
  112. """
  113. from django.http import QueryDict
  114. encoding = self._encoding
  115. handlers = self._upload_handlers
  116. # HTTP spec says that Content-Length >= 0 is valid
  117. # handling content-length == 0 before continuing
  118. if self._content_length == 0:
  119. return QueryDict(encoding=self._encoding), MultiValueDict()
  120. # See if any of the handlers take care of the parsing.
  121. # This allows overriding everything if need be.
  122. for handler in handlers:
  123. result = handler.handle_raw_input(
  124. self._input_data,
  125. self._meta,
  126. self._content_length,
  127. self._boundary,
  128. encoding,
  129. )
  130. # Check to see if it was handled
  131. if result is not None:
  132. return result[0], result[1]
  133. # Create the data structures to be used later.
  134. self._post = QueryDict(mutable=True)
  135. self._files = MultiValueDict()
  136. # Instantiate the parser and stream:
  137. stream = LazyStream(ChunkIter(self._input_data, self._chunk_size))
  138. # Whether or not to signal a file-completion at the beginning of the loop.
  139. old_field_name = None
  140. counters = [0] * len(handlers)
  141. # Number of bytes that have been read.
  142. num_bytes_read = 0
  143. # To count the number of keys in the request.
  144. num_post_keys = 0
  145. # To count the number of files in the request.
  146. num_files = 0
  147. # To limit the amount of data read from the request.
  148. read_size = None
  149. # Whether a file upload is finished.
  150. uploaded_file = True
  151. try:
  152. for item_type, meta_data, field_stream in Parser(stream, self._boundary):
  153. if old_field_name:
  154. # We run this at the beginning of the next loop
  155. # since we cannot be sure a file is complete until
  156. # we hit the next boundary/part of the multipart content.
  157. self.handle_file_complete(old_field_name, counters)
  158. old_field_name = None
  159. uploaded_file = True
  160. if (
  161. item_type in FIELD_TYPES
  162. and settings.DATA_UPLOAD_MAX_NUMBER_FIELDS is not None
  163. ):
  164. # Avoid storing more than DATA_UPLOAD_MAX_NUMBER_FIELDS.
  165. num_post_keys += 1
  166. # 2 accounts for empty raw fields before and after the
  167. # last boundary.
  168. if settings.DATA_UPLOAD_MAX_NUMBER_FIELDS + 2 < num_post_keys:
  169. raise TooManyFieldsSent(
  170. "The number of GET/POST parameters exceeded "
  171. "settings.DATA_UPLOAD_MAX_NUMBER_FIELDS."
  172. )
  173. try:
  174. disposition = meta_data["content-disposition"][1]
  175. field_name = disposition["name"].strip()
  176. except (KeyError, IndexError, AttributeError):
  177. continue
  178. transfer_encoding = meta_data.get("content-transfer-encoding")
  179. if transfer_encoding is not None:
  180. transfer_encoding = transfer_encoding[0].strip()
  181. field_name = force_str(field_name, encoding, errors="replace")
  182. if item_type == FIELD:
  183. # Avoid reading more than DATA_UPLOAD_MAX_MEMORY_SIZE.
  184. if settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None:
  185. read_size = (
  186. settings.DATA_UPLOAD_MAX_MEMORY_SIZE - num_bytes_read
  187. )
  188. # This is a post field, we can just set it in the post
  189. if transfer_encoding == "base64":
  190. raw_data = field_stream.read(size=read_size)
  191. num_bytes_read += len(raw_data)
  192. try:
  193. data = base64.b64decode(raw_data)
  194. except binascii.Error:
  195. data = raw_data
  196. else:
  197. data = field_stream.read(size=read_size)
  198. num_bytes_read += len(data)
  199. # Add two here to make the check consistent with the
  200. # x-www-form-urlencoded check that includes '&='.
  201. num_bytes_read += len(field_name) + 2
  202. if (
  203. settings.DATA_UPLOAD_MAX_MEMORY_SIZE is not None
  204. and num_bytes_read > settings.DATA_UPLOAD_MAX_MEMORY_SIZE
  205. ):
  206. raise RequestDataTooBig(
  207. "Request body exceeded "
  208. "settings.DATA_UPLOAD_MAX_MEMORY_SIZE."
  209. )
  210. self._post.appendlist(
  211. field_name, force_str(data, encoding, errors="replace")
  212. )
  213. elif item_type == FILE:
  214. # Avoid storing more than DATA_UPLOAD_MAX_NUMBER_FILES.
  215. num_files += 1
  216. if (
  217. settings.DATA_UPLOAD_MAX_NUMBER_FILES is not None
  218. and num_files > settings.DATA_UPLOAD_MAX_NUMBER_FILES
  219. ):
  220. raise TooManyFilesSent(
  221. "The number of files exceeded "
  222. "settings.DATA_UPLOAD_MAX_NUMBER_FILES."
  223. )
  224. # This is a file, use the handler...
  225. file_name = disposition.get("filename")
  226. if file_name:
  227. file_name = force_str(file_name, encoding, errors="replace")
  228. file_name = self.sanitize_file_name(file_name)
  229. if not file_name:
  230. continue
  231. content_type, content_type_extra = meta_data.get(
  232. "content-type", ("", {})
  233. )
  234. content_type = content_type.strip()
  235. charset = content_type_extra.get("charset")
  236. try:
  237. content_length = int(meta_data.get("content-length")[0])
  238. except (IndexError, TypeError, ValueError):
  239. content_length = None
  240. counters = [0] * len(handlers)
  241. uploaded_file = False
  242. try:
  243. for handler in handlers:
  244. try:
  245. handler.new_file(
  246. field_name,
  247. file_name,
  248. content_type,
  249. content_length,
  250. charset,
  251. content_type_extra,
  252. )
  253. except StopFutureHandlers:
  254. break
  255. for chunk in field_stream:
  256. if transfer_encoding == "base64":
  257. # We only special-case base64 transfer encoding
  258. # We should always decode base64 chunks by
  259. # multiple of 4, ignoring whitespace.
  260. stripped_chunk = b"".join(chunk.split())
  261. remaining = len(stripped_chunk) % 4
  262. while remaining != 0:
  263. over_chunk = field_stream.read(4 - remaining)
  264. if not over_chunk:
  265. break
  266. stripped_chunk += b"".join(over_chunk.split())
  267. remaining = len(stripped_chunk) % 4
  268. try:
  269. chunk = base64.b64decode(stripped_chunk)
  270. except Exception as exc:
  271. # Since this is only a chunk, any error is
  272. # an unfixable error.
  273. raise MultiPartParserError(
  274. "Could not decode base64 data."
  275. ) from exc
  276. for i, handler in enumerate(handlers):
  277. chunk_length = len(chunk)
  278. chunk = handler.receive_data_chunk(chunk, counters[i])
  279. counters[i] += chunk_length
  280. if chunk is None:
  281. # Don't continue if the chunk received by
  282. # the handler is None.
  283. break
  284. except SkipFile:
  285. self._close_files()
  286. # Just use up the rest of this file...
  287. exhaust(field_stream)
  288. else:
  289. # Handle file upload completions on next iteration.
  290. old_field_name = field_name
  291. else:
  292. # If this is neither a FIELD nor a FILE, exhaust the field
  293. # stream. Note: There could be an error here at some point,
  294. # but there will be at least two RAW types (before and
  295. # after the other boundaries). This branch is usually not
  296. # reached at all, because a missing content-disposition
  297. # header will skip the whole boundary.
  298. exhaust(field_stream)
  299. except StopUpload as e:
  300. self._close_files()
  301. if not e.connection_reset:
  302. exhaust(self._input_data)
  303. else:
  304. if not uploaded_file:
  305. for handler in handlers:
  306. handler.upload_interrupted()
  307. # Make sure that the request data is all fed
  308. exhaust(self._input_data)
  309. # Signal that the upload has completed.
  310. # any() shortcircuits if a handler's upload_complete() returns a value.
  311. any(handler.upload_complete() for handler in handlers)
  312. self._post._mutable = False
  313. return self._post, self._files
  314. def handle_file_complete(self, old_field_name, counters):
  315. """
  316. Handle all the signaling that takes place when a file is complete.
  317. """
  318. for i, handler in enumerate(self._upload_handlers):
  319. file_obj = handler.file_complete(counters[i])
  320. if file_obj:
  321. # If it returns a file object, then set the files dict.
  322. self._files.appendlist(
  323. force_str(old_field_name, self._encoding, errors="replace"),
  324. file_obj,
  325. )
  326. break
  327. def sanitize_file_name(self, file_name):
  328. """
  329. Sanitize the filename of an upload.
  330. Remove all possible path separators, even though that might remove more
  331. than actually required by the target system. Filenames that could
  332. potentially cause problems (current/parent dir) are also discarded.
  333. It should be noted that this function could still return a "filepath"
  334. like "C:some_file.txt" which is handled later on by the storage layer.
  335. So while this function does sanitize filenames to some extent, the
  336. resulting filename should still be considered as untrusted user input.
  337. """
  338. file_name = html.unescape(file_name)
  339. file_name = file_name.rsplit("/")[-1]
  340. file_name = file_name.rsplit("\\")[-1]
  341. # Remove non-printable characters.
  342. file_name = "".join([char for char in file_name if char.isprintable()])
  343. if file_name in {"", ".", ".."}:
  344. return None
  345. return file_name
  346. IE_sanitize = sanitize_file_name
  347. def _close_files(self):
  348. # Free up all file handles.
  349. # FIXME: this currently assumes that upload handlers store the file as 'file'
  350. # We should document that...
  351. # (Maybe add handler.free_file to complement new_file)
  352. for handler in self._upload_handlers:
  353. if hasattr(handler, "file"):
  354. handler.file.close()
  355. class LazyStream:
  356. """
  357. The LazyStream wrapper allows one to get and "unget" bytes from a stream.
  358. Given a producer object (an iterator that yields bytestrings), the
  359. LazyStream object will support iteration, reading, and keeping a "look-back"
  360. variable in case you need to "unget" some bytes.
  361. """
  362. def __init__(self, producer, length=None):
  363. """
  364. Every LazyStream must have a producer when instantiated.
  365. A producer is an iterable that returns a string each time it
  366. is called.
  367. """
  368. self._producer = producer
  369. self._empty = False
  370. self._leftover = b""
  371. self.length = length
  372. self.position = 0
  373. self._remaining = length
  374. self._unget_history = []
  375. def tell(self):
  376. return self.position
  377. def read(self, size=None):
  378. def parts():
  379. remaining = self._remaining if size is None else size
  380. # do the whole thing in one shot if no limit was provided.
  381. if remaining is None:
  382. yield b"".join(self)
  383. return
  384. # otherwise do some bookkeeping to return exactly enough
  385. # of the stream and stashing any extra content we get from
  386. # the producer
  387. while remaining != 0:
  388. assert remaining > 0, "remaining bytes to read should never go negative"
  389. try:
  390. chunk = next(self)
  391. except StopIteration:
  392. return
  393. else:
  394. emitting = chunk[:remaining]
  395. self.unget(chunk[remaining:])
  396. remaining -= len(emitting)
  397. yield emitting
  398. return b"".join(parts())
  399. def __next__(self):
  400. """
  401. Used when the exact number of bytes to read is unimportant.
  402. Return whatever chunk is conveniently returned from the iterator.
  403. Useful to avoid unnecessary bookkeeping if performance is an issue.
  404. """
  405. if self._leftover:
  406. output = self._leftover
  407. self._leftover = b""
  408. else:
  409. output = next(self._producer)
  410. self._unget_history = []
  411. self.position += len(output)
  412. return output
  413. def close(self):
  414. """
  415. Used to invalidate/disable this lazy stream.
  416. Replace the producer with an empty list. Any leftover bytes that have
  417. already been read will still be reported upon read() and/or next().
  418. """
  419. self._producer = []
  420. def __iter__(self):
  421. return self
  422. def unget(self, bytes):
  423. """
  424. Place bytes back onto the front of the lazy stream.
  425. Future calls to read() will return those bytes first. The
  426. stream position and thus tell() will be rewound.
  427. """
  428. if not bytes:
  429. return
  430. self._update_unget_history(len(bytes))
  431. self.position -= len(bytes)
  432. self._leftover = bytes + self._leftover
  433. def _update_unget_history(self, num_bytes):
  434. """
  435. Update the unget history as a sanity check to see if we've pushed
  436. back the same number of bytes in one chunk. If we keep ungetting the
  437. same number of bytes many times (here, 50), we're mostly likely in an
  438. infinite loop of some sort. This is usually caused by a
  439. maliciously-malformed MIME request.
  440. """
  441. self._unget_history = [num_bytes] + self._unget_history[:49]
  442. number_equal = len(
  443. [
  444. current_number
  445. for current_number in self._unget_history
  446. if current_number == num_bytes
  447. ]
  448. )
  449. if number_equal > 40:
  450. raise SuspiciousMultipartForm(
  451. "The multipart parser got stuck, which shouldn't happen with"
  452. " normal uploaded files. Check for malicious upload activity;"
  453. " if there is none, report this to the Django developers."
  454. )
  455. class ChunkIter:
  456. """
  457. An iterable that will yield chunks of data. Given a file-like object as the
  458. constructor, yield chunks of read operations from that object.
  459. """
  460. def __init__(self, flo, chunk_size=64 * 1024):
  461. self.flo = flo
  462. self.chunk_size = chunk_size
  463. def __next__(self):
  464. try:
  465. data = self.flo.read(self.chunk_size)
  466. except InputStreamExhausted:
  467. raise StopIteration()
  468. if data:
  469. return data
  470. else:
  471. raise StopIteration()
  472. def __iter__(self):
  473. return self
  474. class InterBoundaryIter:
  475. """
  476. A Producer that will iterate over boundaries.
  477. """
  478. def __init__(self, stream, boundary):
  479. self._stream = stream
  480. self._boundary = boundary
  481. def __iter__(self):
  482. return self
  483. def __next__(self):
  484. try:
  485. return LazyStream(BoundaryIter(self._stream, self._boundary))
  486. except InputStreamExhausted:
  487. raise StopIteration()
  488. class BoundaryIter:
  489. """
  490. A Producer that is sensitive to boundaries.
  491. Will happily yield bytes until a boundary is found. Will yield the bytes
  492. before the boundary, throw away the boundary bytes themselves, and push the
  493. post-boundary bytes back on the stream.
  494. The future calls to next() after locating the boundary will raise a
  495. StopIteration exception.
  496. """
  497. def __init__(self, stream, boundary):
  498. self._stream = stream
  499. self._boundary = boundary
  500. self._done = False
  501. # rollback an additional six bytes because the format is like
  502. # this: CRLF<boundary>[--CRLF]
  503. self._rollback = len(boundary) + 6
  504. # Try to use mx fast string search if available. Otherwise
  505. # use Python find. Wrap the latter for consistency.
  506. unused_char = self._stream.read(1)
  507. if not unused_char:
  508. raise InputStreamExhausted()
  509. self._stream.unget(unused_char)
  510. def __iter__(self):
  511. return self
  512. def __next__(self):
  513. if self._done:
  514. raise StopIteration()
  515. stream = self._stream
  516. rollback = self._rollback
  517. bytes_read = 0
  518. chunks = []
  519. for bytes in stream:
  520. bytes_read += len(bytes)
  521. chunks.append(bytes)
  522. if bytes_read > rollback:
  523. break
  524. if not bytes:
  525. break
  526. else:
  527. self._done = True
  528. if not chunks:
  529. raise StopIteration()
  530. chunk = b"".join(chunks)
  531. boundary = self._find_boundary(chunk)
  532. if boundary:
  533. end, next = boundary
  534. stream.unget(chunk[next:])
  535. self._done = True
  536. return chunk[:end]
  537. else:
  538. # make sure we don't treat a partial boundary (and
  539. # its separators) as data
  540. if not chunk[:-rollback]: # and len(chunk) >= (len(self._boundary) + 6):
  541. # There's nothing left, we should just return and mark as done.
  542. self._done = True
  543. return chunk
  544. else:
  545. stream.unget(chunk[-rollback:])
  546. return chunk[:-rollback]
  547. def _find_boundary(self, data):
  548. """
  549. Find a multipart boundary in data.
  550. Should no boundary exist in the data, return None. Otherwise, return
  551. a tuple containing the indices of the following:
  552. * the end of current encapsulation
  553. * the start of the next encapsulation
  554. """
  555. index = data.find(self._boundary)
  556. if index < 0:
  557. return None
  558. else:
  559. end = index
  560. next = index + len(self._boundary)
  561. # backup over CRLF
  562. last = max(0, end - 1)
  563. if data[last : last + 1] == b"\n":
  564. end -= 1
  565. last = max(0, end - 1)
  566. if data[last : last + 1] == b"\r":
  567. end -= 1
  568. return end, next
  569. def exhaust(stream_or_iterable):
  570. """Exhaust an iterator or stream."""
  571. try:
  572. iterator = iter(stream_or_iterable)
  573. except TypeError:
  574. iterator = ChunkIter(stream_or_iterable, 16384)
  575. collections.deque(iterator, maxlen=0) # consume iterator quickly.
  576. def parse_boundary_stream(stream, max_header_size):
  577. """
  578. Parse one and exactly one stream that encapsulates a boundary.
  579. """
  580. # Stream at beginning of header, look for end of header
  581. # and parse it if found. The header must fit within one
  582. # chunk.
  583. chunk = stream.read(max_header_size)
  584. # 'find' returns the top of these four bytes, so we'll
  585. # need to munch them later to prevent them from polluting
  586. # the payload.
  587. header_end = chunk.find(b"\r\n\r\n")
  588. def _parse_header(line):
  589. main_value_pair, params = parse_header(line)
  590. try:
  591. name, value = main_value_pair.split(":", 1)
  592. except ValueError:
  593. raise ValueError("Invalid header: %r" % line)
  594. return name, (value, params)
  595. if header_end == -1:
  596. # we find no header, so we just mark this fact and pass on
  597. # the stream verbatim
  598. stream.unget(chunk)
  599. return (RAW, {}, stream)
  600. header = chunk[:header_end]
  601. # here we place any excess chunk back onto the stream, as
  602. # well as throwing away the CRLFCRLF bytes from above.
  603. stream.unget(chunk[header_end + 4 :])
  604. TYPE = RAW
  605. outdict = {}
  606. # Eliminate blank lines
  607. for line in header.split(b"\r\n"):
  608. # This terminology ("main value" and "dictionary of
  609. # parameters") is from the Python docs.
  610. try:
  611. name, (value, params) = _parse_header(line)
  612. except ValueError:
  613. continue
  614. if name == "content-disposition":
  615. TYPE = FIELD
  616. if params.get("filename"):
  617. TYPE = FILE
  618. outdict[name] = value, params
  619. if TYPE == RAW:
  620. stream.unget(chunk)
  621. return (TYPE, outdict, stream)
  622. class Parser:
  623. def __init__(self, stream, boundary):
  624. self._stream = stream
  625. self._separator = b"--" + boundary
  626. def __iter__(self):
  627. boundarystream = InterBoundaryIter(self._stream, self._separator)
  628. for sub_stream in boundarystream:
  629. # Iterate over each part
  630. yield parse_boundary_stream(sub_stream, 1024)
  631. def parse_header(line):
  632. """
  633. Parse the header into a key-value.
  634. Input (line): bytes, output: str for key/name, bytes for values which
  635. will be decoded later.
  636. """
  637. plist = _parse_header_params(b";" + line)
  638. key = plist.pop(0).lower().decode("ascii")
  639. pdict = {}
  640. for p in plist:
  641. i = p.find(b"=")
  642. if i >= 0:
  643. has_encoding = False
  644. name = p[:i].strip().lower().decode("ascii")
  645. if name.endswith("*"):
  646. # Lang/encoding embedded in the value (like "filename*=UTF-8''file.ext")
  647. # https://tools.ietf.org/html/rfc2231#section-4
  648. name = name[:-1]
  649. if p.count(b"'") == 2:
  650. has_encoding = True
  651. value = p[i + 1 :].strip()
  652. if len(value) >= 2 and value[:1] == value[-1:] == b'"':
  653. value = value[1:-1]
  654. value = value.replace(b"\\\\", b"\\").replace(b'\\"', b'"')
  655. if has_encoding:
  656. encoding, lang, value = value.split(b"'")
  657. value = unquote(value.decode(), encoding=encoding.decode())
  658. pdict[name] = value
  659. return key, pdict
  660. def _parse_header_params(s):
  661. plist = []
  662. while s[:1] == b";":
  663. s = s[1:]
  664. end = s.find(b";")
  665. while end > 0 and (s.count(b'"', 0, end) - s.count(b'\\"', 0, end)) % 2:
  666. end = s.find(b";", end + 1)
  667. if end < 0:
  668. end = len(s)
  669. f = s[:end]
  670. plist.append(f.strip())
  671. s = s[end:]
  672. return plist