mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-26 18:29:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

bpo-33843: Remove deprecated stuff in cgi module (GH-7662)

Browse source
This commit is contained in:
INADA Naoki 2018-06-19 17:28:50 +09:00 committed by GitHub
parent cb970730e3
commit 698865dcbb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

26
Doc/library/cgi.rst
View file

@ -284,18 +284,6 @@ algorithms implemented in this module in other circumstances.
passed to :func:`urllib.parse.parse_qs` unchanged. passed to :func:`urllib.parse.parse_qs` unchanged.
.. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False)
This function is deprecated in this module. Use :func:`urllib.parse.parse_qs`
instead. It is maintained here only for backward compatibility.
.. function:: parse_qsl(qs, keep_blank_values=False, strict_parsing=False)
This function is deprecated in this module. Use :func:`urllib.parse.parse_qsl`
instead. It is maintained here only for backward compatibility.
.. function:: parse_multipart(fp, pdict, encoding="utf-8", errors="replace") .. function:: parse_multipart(fp, pdict, encoding="utf-8", errors="replace")
Parse input of type :mimetype:`multipart/form-data` (for file uploads). Parse input of type :mimetype:`multipart/form-data` (for file uploads).
@ -348,20 +336,6 @@ algorithms implemented in this module in other circumstances.
Print a list of useful (used by CGI) environment variables in HTML. Print a list of useful (used by CGI) environment variables in HTML.
.. function:: escape(s, quote=False)
Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark
character (``"``) is also translated; this helps for inclusion in an HTML
attribute value delimited by double quotes, as in ``<a href="...">``. Note
that single quotes are never translated.
.. deprecated:: 3.2
This function is unsafe because *quote* is false by default, and therefore
deprecated. Use :func:`html.escape` instead.
.. _cgi-security: .. _cgi-security:
Caring about security Caring about security

4
Doc/whatsnew/3.8.rst
View file

@ -136,6 +136,10 @@ Removed
to help eliminate confusion as to what Python interpreter the ``pyvenv`` to help eliminate confusion as to what Python interpreter the ``pyvenv``
script is tied to. (Contributed by Brett Cannon in :issue:`25427`.) script is tied to. (Contributed by Brett Cannon in :issue:`25427`.)
* ``parse_qs``, ``parse_qsl``, and ``escape`` are removed from :mod:`cgi`
module. They are deprecated from Python 3.2 or older.
Porting to Python 3.8 Porting to Python 3.8
===================== =====================

33
Lib/cgi.py
View file

@ -38,16 +38,14 @@ import os
import urllib.parse import urllib.parse
from email.parser import FeedParser from email.parser import FeedParser
from email.message import Message from email.message import Message
from warnings import warn
import html import html
import locale import locale
import tempfile import tempfile
__all__ = ["MiniFieldStorage", "FieldStorage", __all__ = ["MiniFieldStorage", "FieldStorage", "parse", "parse_multipart",
"parse", "parse_qs", "parse_qsl", "parse_multipart",
"parse_header", "test", "print_exception", "print_environ", "parse_header", "test", "print_exception", "print_environ",
"print_form", "print_directory", "print_arguments", "print_form", "print_directory", "print_arguments",
"print_environ_usage", "escape"] "print_environ_usage"]
# Logging support # Logging support
# =============== # ===============
@ -183,21 +181,6 @@ def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):
encoding=encoding) encoding=encoding)
# parse query string function called from urlparse,
# this is done in order to maintain backward compatibility.
def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
"""Parse a query given as a string argument."""
warn("cgi.parse_qs is deprecated, use urllib.parse.parse_qs instead",
DeprecationWarning, 2)
return urllib.parse.parse_qs(qs, keep_blank_values, strict_parsing)
def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):
"""Parse a query given as a string argument."""
warn("cgi.parse_qsl is deprecated, use urllib.parse.parse_qsl instead",
DeprecationWarning, 2)
return urllib.parse.parse_qsl(qs, keep_blank_values, strict_parsing)
def parse_multipart(fp, pdict, encoding="utf-8", errors="replace"): def parse_multipart(fp, pdict, encoding="utf-8", errors="replace"):
"""Parse multipart input. """Parse multipart input.
@ -974,18 +957,6 @@ environment as well. Here are some common variable names:
# Utilities # Utilities
# ========= # =========
def escape(s, quote=None):
"""Deprecated API."""
warn("cgi.escape is deprecated, use html.escape instead",
DeprecationWarning, stacklevel=2)
s = s.replace("&", "&amp;") # Must be done first!
s = s.replace("<", "&lt;")
s = s.replace(">", "&gt;")
if quote:
s = s.replace('"', "&quot;")
return s
def valid_boundary(s): def valid_boundary(s):
import re import re
if isinstance(s, bytes): if isinstance(s, bytes):

24
Lib/test/test_cgi.py
View file

@ -4,7 +4,6 @@ import os
import sys import sys
import tempfile import tempfile
import unittest import unittest
import warnings
from collections import namedtuple from collections import namedtuple
from io import StringIO, BytesIO from io import StringIO, BytesIO
from test import support from test import support
@ -163,15 +162,6 @@ Content-Length: 3
fs = cgi.FieldStorage(headers={'content-type':'text/plain'}) fs = cgi.FieldStorage(headers={'content-type':'text/plain'})
self.assertRaises(TypeError, bool, fs) self.assertRaises(TypeError, bool, fs)
def test_escape(self):
# cgi.escape() is deprecated.
with warnings.catch_warnings():
warnings.filterwarnings('ignore', r'cgi\.escape',
DeprecationWarning)
self.assertEqual("test &amp; string", cgi.escape("test & string"))
self.assertEqual("&lt;test string&gt;", cgi.escape("<test string>"))
self.assertEqual("&quot;test string&quot;", cgi.escape('"test string"', True))
def test_strict(self): def test_strict(self):
for orig, expect in parse_strict_test_cases: for orig, expect in parse_strict_test_cases:
# Test basic parsing # Test basic parsing
@ -449,20 +439,6 @@ this is the content of the fake file
v = gen_result(data, environ) v = gen_result(data, environ)
self.assertEqual(result, v) self.assertEqual(result, v)
def test_deprecated_parse_qs(self):
# this func is moved to urllib.parse, this is just a sanity check
with check_warnings(('cgi.parse_qs is deprecated, use urllib.parse.'
'parse_qs instead', DeprecationWarning)):
self.assertEqual({'a': ['A1'], 'B': ['B3'], 'b': ['B2']},
cgi.parse_qs('a=A1&b=B2&B=B3'))
def test_deprecated_parse_qsl(self):
# this func is moved to urllib.parse, this is just a sanity check
with check_warnings(('cgi.parse_qsl is deprecated, use urllib.parse.'
'parse_qsl instead', DeprecationWarning)):
self.assertEqual([('a', 'A1'), ('b', 'B2'), ('B', 'B3')],
cgi.parse_qsl('a=A1&b=B2&B=B3'))
def test_parse_header(self): def test_parse_header(self):
self.assertEqual( self.assertEqual(
cgi.parse_header("text/plain"), cgi.parse_header("text/plain"),

1
Misc/NEWS.d/next/Library/2018-06-12-18-59-16.bpo-33843.qVAK8g.rst Normal file
View file

@ -0,0 +1 @@
Remove deprecated ``cgi.escape``, ``cgi.parse_qs`` and ``cgi.parse_qsl``.