Propagating max_num_fields to FieldStorage subclass

Author: matthewbelisle-wf

Lib/cgi.py

@@ -637,12 +637,22 @@ def read_multi(self, environ, keep_blank_values, strict_parsing):
             if 'content-length' in headers:
                 del headers['content-length']
 
+            # Propagate max_num_fields into the sub class appropriately
+            sub_max_num_fields = self.max_num_fields
+            if sub_max_num_fields is not None:
+                sub_max_num_fields -= len(self.list)
+
             part = klass(self.fp, headers, ib, environ, keep_blank_values,
                          strict_parsing,self.limit-self.bytes_read,
-                         self.encoding, self.errors)
+                         self.encoding, self.errors, sub_max_num_fields)
+
+            max_num_fields = self.max_num_fields
+            if max_num_fields is not None and part.list:
+                max_num_fields -= len(part.list)
+
             self.bytes_read += part.bytes_read
             self.list.append(part)
-            if self.max_num_fields is not None and self.max_num_fields < len(self.list):
+            if max_num_fields is not None and max_num_fields < len(self.list):
                 raise ValueError('Max number of fields exceeded')
             if part.done or self.bytes_read >= self.length > 0:
                 break

Lib/test/test_cgi.py

@@ -391,8 +391,8 @@ def test_max_num_fields(self):
         }
 
         with self.assertRaises(ValueError):
-            form = cgi.FieldStorage(
-                fp=BytesIO(data.encode('ascii')),
+            cgi.FieldStorage(
+                fp=BytesIO(data.encode()),
                 environ=environ,
                 max_num_fields=10,
             )
@@ -403,13 +403,9 @@ def test_max_num_fields(self):
 
 a
 ---123
-Content-Disposition: form-data; name="a"
-
-a
----123
-Content-Disposition: form-data; name="a"
+Content-Type: application/x-www-form-urlencoded
 
-a
+a=a&a=a
 ---123--
 """
         environ = {
@@ -419,12 +415,20 @@ def test_max_num_fields(self):
             'REQUEST_METHOD':   'POST',
         }
 
+        # 2 GET entities
+        # 2 top level POST entities
+        # 2 entities within the second POST entity
         with self.assertRaises(ValueError):
-            form = cgi.FieldStorage(
-                fp=BytesIO(data.encode('ascii')),
+            cgi.FieldStorage(
+                fp=BytesIO(data.encode()),
                 environ=environ,
-                max_num_fields=4,
+                max_num_fields=5,
             )
+        cgi.FieldStorage(
+            fp=BytesIO(data.encode()),
+            environ=environ,
+            max_num_fields=6,
+        )
 
     def testQSAndFormData(self):
         data = """---123