Skip to content

bpo-33843: Remove deprecated stuff in cgi module #7662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
methane merged 3 commits into from
Jun 19, 2018
Merged

bpo-33843: Remove deprecated stuff in cgi module #7662

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6125c1b
Remove deprecated stuff in cgi module
methane Jun 12, 2018
c3f9990
Add NEWS
methane Jun 12, 2018
497633a
Update doc
methane Jun 19, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 0 additions & 26 deletions Doc/library/cgi.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -284,18 +284,6 @@ algorithms implemented in this module in other circumstances.
passed to :func:`urllib.parse.parse_qs` unchanged.


.. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False)

This function is deprecated in this module. Use :func:`urllib.parse.parse_qs`
instead. It is maintained here only for backward compatibility.


.. function:: parse_qsl(qs, keep_blank_values=False, strict_parsing=False)

This function is deprecated in this module. Use :func:`urllib.parse.parse_qsl`
instead. It is maintained here only for backward compatibility.


.. function:: parse_multipart(fp, pdict, encoding="utf-8", errors="replace")

Parse input of type :mimetype:`multipart/form-data` (for file uploads).
Expand Down Expand Up @@ -348,20 +336,6 @@ algorithms implemented in this module in other circumstances.
Print a list of useful (used by CGI) environment variables in HTML.


.. function:: escape(s, quote=False)

Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe
sequences. Use this if you need to display text that might contain such
characters in HTML. If the optional flag *quote* is true, the quotation mark
character (``"``) is also translated; this helps for inclusion in an HTML
attribute value delimited by double quotes, as in ``<a href="...">``. Note
that single quotes are never translated.

.. deprecated:: 3.2
This function is unsafe because *quote* is false by default, and therefore
deprecated. Use :func:`html.escape` instead.


.. _cgi-security:

Caring about security
Expand Down
4 changes: 4 additions & 0 deletions Doc/whatsnew/3.8.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,10 @@ Removed
to help eliminate confusion as to what Python interpreter the ``pyvenv``
script is tied to. (Contributed by Brett Cannon in :issue:`25427`.)

* ``parse_qs``, ``parse_qsl``, and ``escape`` are removed from :mod:`cgi`
module. They are deprecated from Python 3.2 or older.



Porting to Python 3.8
=====================
Expand Down
33 changes: 2 additions & 31 deletions Lib/cgi.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,16 +38,14 @@
import urllib.parse
from email.parser import FeedParser
from email.message import Message
from warnings import warn
import html
import locale
import tempfile

__all__ = ["MiniFieldStorage", "FieldStorage",
"parse", "parse_qs", "parse_qsl", "parse_multipart",
__all__ = ["MiniFieldStorage", "FieldStorage", "parse", "parse_multipart",
"parse_header", "test", "print_exception", "print_environ",
"print_form", "print_directory", "print_arguments",
"print_environ_usage", "escape"]
"print_environ_usage"]

# Logging support
# ===============
Expand Down Expand Up @@ -183,21 +181,6 @@ def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):
encoding=encoding)


# parse query string function called from urlparse,
# this is done in order to maintain backward compatibility.

def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
"""Parse a query given as a string argument."""
warn("cgi.parse_qs is deprecated, use urllib.parse.parse_qs instead",
DeprecationWarning, 2)
return urllib.parse.parse_qs(qs, keep_blank_values, strict_parsing)

def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):
"""Parse a query given as a string argument."""
warn("cgi.parse_qsl is deprecated, use urllib.parse.parse_qsl instead",
DeprecationWarning, 2)
return urllib.parse.parse_qsl(qs, keep_blank_values, strict_parsing)

def parse_multipart(fp, pdict, encoding="utf-8", errors="replace"):
"""Parse multipart input.

Expand Down Expand Up @@ -974,18 +957,6 @@ def print_environ_usage():
# Utilities
# =========

def escape(s, quote=None):
"""Deprecated API."""
warn("cgi.escape is deprecated, use html.escape instead",
DeprecationWarning, stacklevel=2)
s = s.replace("&", "&amp;") # Must be done first!
s = s.replace("<", "&lt;")
s = s.replace(">", "&gt;")
if quote:
s = s.replace('"', "&quot;")
return s


def valid_boundary(s):
import re
if isinstance(s, bytes):
Expand Down
24 changes: 0 additions & 24 deletions Lib/test/test_cgi.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
import sys
import tempfile
import unittest
import warnings
from collections import namedtuple
from io import StringIO, BytesIO
from test import support
Expand Down Expand Up @@ -163,15 +162,6 @@ def test_fieldstorage_invalid(self):
fs = cgi.FieldStorage(headers={'content-type':'text/plain'})
self.assertRaises(TypeError, bool, fs)

def test_escape(self):
# cgi.escape() is deprecated.
with warnings.catch_warnings():
warnings.filterwarnings('ignore', r'cgi\.escape',
DeprecationWarning)
self.assertEqual("test &amp; string", cgi.escape("test & string"))
self.assertEqual("&lt;test string&gt;", cgi.escape("<test string>"))
self.assertEqual("&quot;test string&quot;", cgi.escape('"test string"', True))

def test_strict(self):
for orig, expect in parse_strict_test_cases:
# Test basic parsing
Expand Down Expand Up @@ -449,20 +439,6 @@ def testQSAndFormDataFile(self):
v = gen_result(data, environ)
self.assertEqual(result, v)

def test_deprecated_parse_qs(self):
# this func is moved to urllib.parse, this is just a sanity check
with check_warnings(('cgi.parse_qs is deprecated, use urllib.parse.'
'parse_qs instead', DeprecationWarning)):
self.assertEqual({'a': ['A1'], 'B': ['B3'], 'b': ['B2']},
cgi.parse_qs('a=A1&b=B2&B=B3'))

def test_deprecated_parse_qsl(self):
# this func is moved to urllib.parse, this is just a sanity check
with check_warnings(('cgi.parse_qsl is deprecated, use urllib.parse.'
'parse_qsl instead', DeprecationWarning)):
self.assertEqual([('a', 'A1'), ('b', 'B2'), ('B', 'B3')],
cgi.parse_qsl('a=A1&b=B2&B=B3'))

def test_parse_header(self):
self.assertEqual(
cgi.parse_header("text/plain"),
Expand Down
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Library/2018-06-12-18-59-16.bpo-33843.qVAK8g.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove deprecated ``cgi.escape``, ``cgi.parse_qs`` and ``cgi.parse_qsl``.