Source code for webob.request

import binascii
import io
import os
import re
import sys
import tempfile
import mimetypes
    import simplejson as json
except ImportError:
    import json
import warnings

from webob.acceptparse import (

from webob.cachecontrol import (

from webob.compat import (

from webob.cookies import RequestCookies

from webob.descriptors import (

from webob.etag import (

from webob.headers import EnvironHeaders

from webob.multidict import (

from webob.util import warn_deprecation

__all__ = ['BaseRequest', 'Request', 'LegacyRequest']

class _NoDefault:
    def __repr__(self):
        return '(No Default)'
NoDefault = _NoDefault()

PATH_SAFE = '/:@&+$,'

http_method_probably_has_body = dict.fromkeys(
    ('GET', 'HEAD', 'DELETE', 'TRACE'), False)
    dict.fromkeys(('POST', 'PUT', 'PATCH'), True))

    'ascii', 'latin-1', 'latin', 'latin_1', 'l1', 'latin1',
    'iso-8859-1', 'iso8859_1', 'iso_8859_1', 'iso8859', '8859',

class BaseRequest(object):
    ## The limit after which request bodies should be stored on disk
    ## if they are read in (under this, and the request body is stored
    ## in memory):
    request_body_tempfile_limit = 10*1024

    _charset = None

    def __init__(self, environ, charset=None, unicode_errors=None,
                 decode_param_names=None, **kw):

        if type(environ) is not dict:
            raise TypeError(
                "WSGI environ must be a dict; you passed %r" % (environ,))
        if unicode_errors is not None:
                "You unicode_errors=%r to the Request constructor.  Passing a "
                "``unicode_errors`` value to the Request is no longer "
                "supported in WebOb 1.2+.  This value has been ignored " % (
        if decode_param_names is not None:
                "You passed decode_param_names=%r to the Request constructor. "
                "Passing a ``decode_param_names`` value to the Request "
                "is no longer supported in WebOb 1.2+.  This value has "
                "been ignored " % (decode_param_names,),
        if not _is_utf8(charset):
            raise DeprecationWarning(
                "You passed charset=%r to the Request constructor. As of "
                "WebOb 1.2, if your application needs a non-UTF-8 request "
                "charset, please construct the request without a charset or "
                "with a charset of 'None',  then use ``req = "
                "req.decode(charset)``" % charset

        d = self.__dict__
        d['environ'] = environ
        if kw:
            cls = self.__class__
            if 'method' in kw:
                # set method first, because .body setters
                # depend on it for checks
                self.method = kw.pop('method')
            for name, value in kw.items():
                if not hasattr(cls, name):
                    raise TypeError(
                        "Unexpected keyword: %s=%r" % (name, value))
                setattr(self, name, value)

    if PY3: # pragma: no cover
        def encget(self, key, default=NoDefault, encattr=None):
            val = self.environ.get(key, default)
            if val is NoDefault:
                raise KeyError(key)
            if val is default:
                return default
            if not encattr:
                return val
            encoding = getattr(self, encattr)
            if encoding in _LATIN_ENCODINGS: # shortcut
                return val
            return bytes_(val, 'latin-1').decode(encoding)
        def encget(self, key, default=NoDefault, encattr=None):
            val = self.environ.get(key, default)
            if val is NoDefault:
                raise KeyError(key)
            if val is default:
                return default
            if encattr is None:
                return val
            encoding = getattr(self, encattr)
            return val.decode(encoding)

    def encset(self, key, val, encattr=None):
        if encattr:
            encoding = getattr(self, encattr)
            encoding = 'ascii'
        if PY3: # pragma: no cover
            self.environ[key] = bytes_(val, encoding).decode('latin-1')
            self.environ[key] = bytes_(val, encoding)

    def charset(self):
        if self._charset is None:
            charset = detect_charset(self._content_type_raw)
            if _is_utf8(charset):
                charset = 'UTF-8'
            self._charset = charset
        return self._charset

    def charset(self, charset):
        if _is_utf8(charset):
            charset = 'UTF-8'
        if charset != self.charset:
            raise DeprecationWarning("Use req = req.decode(%r)" % charset)

    def decode(self, charset=None, errors='strict'):
        charset = charset or self.charset
        if charset == 'UTF-8':
            return self
        # cookies and path are always utf-8
        t = Transcoder(charset, errors)

        new_content_type = CHARSET_RE.sub('; charset="UTF-8"',
        content_type = self.content_type
        r = self.__class__(

        if content_type == 'application/x-www-form-urlencoded':
            r.body = bytes_(t.transcode_query(native_(self.body)))
            return r
        elif content_type != 'multipart/form-data':
            return r

        fs_environ = self.environ.copy()
        fs_environ.setdefault('CONTENT_LENGTH', '0')
        fs_environ['QUERY_STRING'] = ''
        if PY3: # pragma: no cover
            fs = cgi_FieldStorage(fp=self.body_file,
            fs = cgi_FieldStorage(fp=self.body_file,

        fout = t.transcode_fs(fs, r._content_type_raw)

        # this order is important, because setting body_file
        # resets content_length
        r.body_file = fout
        r.content_length = fout.tell()
        return r

    # this is necessary for correct warnings depth for both
    # BaseRequest and Request (due to AdhocAttrMixin.__setattr__)
    _setattr_stacklevel = 2

    def _body_file__get(self):
            Input stream of the request (wsgi.input).
            Setting this property resets the content_length and seekable flag
            (unlike setting req.body_file_raw).
        if not self.is_body_readable:
            return io.BytesIO()
        r = self.body_file_raw
        clen = self.content_length
        if not self.is_body_seekable and clen is not None:
            # we need to wrap input in LimitedLengthFile
            # but we have to cache the instance as well
            # otherwise this would stop working
            # (.remaining counter would reset between calls):
            env = self.environ
            wrapped, raw = env.get('webob._body_file', (0,0))
            if raw is not r:
                wrapped = LimitedLengthFile(r, clen)
                wrapped = io.BufferedReader(wrapped)
                env['webob._body_file'] = wrapped, r
            r = wrapped
        return r

    def _body_file__set(self, value):
        if isinstance(value, bytes):
                "Please use req.body = b'bytes' or req.body_file = fileobj",
        self.content_length = None
        self.body_file_raw = value
        self.is_body_seekable = False
        self.is_body_readable = True
    def _body_file__del(self):
        self.body = b''
    body_file = property(_body_file__get,
    body_file_raw = environ_getter('wsgi.input')
    def body_file_seekable(self):
            Get the body of the request (wsgi.input) as a seekable file-like
            object. Middleware and routing applications should use this
            attribute over .body_file.

            If you access this value, CONTENT_LENGTH will also be updated.
        if not self.is_body_seekable:
        return self.body_file_raw

    url_encoding = environ_getter('webob.url_encoding', 'UTF-8')
    scheme = environ_getter('wsgi.url_scheme')
    method = environ_getter('REQUEST_METHOD', 'GET')
    http_version = environ_getter('SERVER_PROTOCOL')
    content_length = converter(
        environ_getter('CONTENT_LENGTH', None, '14.13'),
        parse_int_safe, serialize_int, 'int')
    remote_user = environ_getter('REMOTE_USER', None)
    remote_addr = environ_getter('REMOTE_ADDR', None)
    query_string = environ_getter('QUERY_STRING', '')
    server_name = environ_getter('SERVER_NAME')
    server_port = converter(
        parse_int, serialize_int, 'int')

    script_name = environ_decoder('SCRIPT_NAME', '', encattr='url_encoding')
    path_info = environ_decoder('PATH_INFO', encattr='url_encoding')

    # bw compat
    uscript_name = script_name
    upath_info = path_info

    _content_type_raw = environ_getter('CONTENT_TYPE', '')

    def _content_type__get(self):
        """Return the content type, but leaving off any parameters (like
        charset, but also things like the type in ``application/atom+xml;

        If you set this property, you can include parameters, or if
        you don't include any parameters in the value then existing
        parameters will be preserved.
        return self._content_type_raw.split(';', 1)[0]
    def _content_type__set(self, value=None):
        if value is not None:
            value = str(value)
            if ';' not in value:
                content_type = self._content_type_raw
                if ';' in content_type:
                    value += ';' + content_type.split(';', 1)[1]
        self._content_type_raw = value

    content_type = property(_content_type__get,

    _headers = None

    def _headers__get(self):
        All the request headers as a case-insensitive dictionary-like
        if self._headers is None:
            self._headers = EnvironHeaders(self.environ)
        return self._headers

    def _headers__set(self, value):

    headers = property(_headers__get, _headers__set, doc=_headers__get.__doc__)

    def client_addr(self):
        The effective client IP address as a string.  If the
        ``HTTP_X_FORWARDED_FOR`` header exists in the WSGI environ, this
        attribute returns the client IP address present in that header
        (e.g. if the header value is ``,``, the value
        will be ````). If no ``HTTP_X_FORWARDED_FOR`` header is
        present in the environ at all, this attribute will return the value
        of the ``REMOTE_ADDR`` header.  If the ``REMOTE_ADDR`` header is
        unset, this attribute will return the value ``None``.

        .. warning::

           It is possible for user agents to put someone else's IP or just
           any string in ``HTTP_X_FORWARDED_FOR`` as it is a normal HTTP
           header. Forward proxies can also provide incorrect values (private
           IP addresses etc).  You cannot "blindly" trust the result of this
           method to provide you with valid data unless you're certain that
           ``HTTP_X_FORWARDED_FOR`` has the correct values.  The WSGI server
           must be behind a trusted proxy for this to be true.
        e = self.environ
        xff = e.get('HTTP_X_FORWARDED_FOR')
        if xff is not None:
            addr = xff.split(',')[0].strip()
            addr = e.get('REMOTE_ADDR')
        return addr

    def host_port(self):
        The effective server port number as a string.  If the ``HTTP_HOST``
        header exists in the WSGI environ, this attribute returns the port
        number present in that header. If the ``HTTP_HOST`` header exists but
        contains no explicit port number: if the WSGI url scheme is "https" ,
        this attribute returns "443", if the WSGI url scheme is "http", this
        attribute returns "80" .  If no ``HTTP_HOST`` header is present in
        the environ at all, this attribute will return the value of the
        ``SERVER_PORT`` header (which is guaranteed to be present).
        e = self.environ
        host = e.get('HTTP_HOST')
        if host is not None:
            if ':' in host:
                host, port = host.split(':', 1)
                url_scheme = e['wsgi.url_scheme']
                if url_scheme == 'https':
                    port = '443'
                    port = '80'
            port = e['SERVER_PORT']
        return port

    def host_url(self):
        The URL through the host (no path)
        e = self.environ
        scheme = e.get('wsgi.url_scheme')
        url = scheme + '://'
        host = e.get('HTTP_HOST')
        if host is not None:
            if ':' in host:
                host, port = host.split(':', 1)
                port = None
            host = e.get('SERVER_NAME')
            port = e.get('SERVER_PORT')
        if scheme == 'https':
            if port == '443':
                port = None
        elif scheme == 'http':
            if port == '80':
                port = None
        url += host
        if port:
            url += ':%s' % port
        return url

    def application_url(self):
        The URL including SCRIPT_NAME (no PATH_INFO or query string)
        bscript_name = bytes_(self.script_name, self.url_encoding)
        return self.host_url + url_quote(bscript_name, PATH_SAFE)

    def path_url(self):
        The URL including SCRIPT_NAME and PATH_INFO, but not QUERY_STRING
        bpath_info = bytes_(self.path_info, self.url_encoding)
        return self.application_url + url_quote(bpath_info, PATH_SAFE)

    def path(self):
        The path of the request, without host or query string
        bscript = bytes_(self.script_name, self.url_encoding)
        bpath = bytes_(self.path_info, self.url_encoding)
        return url_quote(bscript, PATH_SAFE) + url_quote(bpath, PATH_SAFE)

    def path_qs(self):
        The path of the request, without host but with query string
        path = self.path
        qs = self.environ.get('QUERY_STRING')
        if qs:
            path += '?' + qs
        return path

    def url(self):
        The full request URL, including QUERY_STRING
        url = self.path_url
        qs = self.environ.get('QUERY_STRING')
        if qs:
            url += '?' + qs
        return url

    def relative_url(self, other_url, to_application=False):
        Resolve other_url relative to the request URL.

        If ``to_application`` is True, then resolve it relative to the
        URL with only SCRIPT_NAME
        if to_application:
            url = self.application_url
            if not url.endswith('/'):
                url += '/'
            url = self.path_url
        return urlparse.urljoin(url, other_url)

    def path_info_pop(self, pattern=None):
        'Pops' off the next segment of PATH_INFO, pushing it onto
        SCRIPT_NAME, and returning the popped segment.  Returns None if
        there is nothing left on PATH_INFO.

        Does not return ``''`` when there's an empty segment (like
        ``/path//path``); these segments are just ignored.

        Optional ``pattern`` argument is a regexp to match the return value
        before returning. If there is no match, no changes are made to the
        request and None is returned.
        path = self.path_info
        if not path:
            return None
        slashes = ''
        while path.startswith('/'):
            slashes += '/'
            path = path[1:]
        idx = path.find('/')
        if idx == -1:
            idx = len(path)
        r = path[:idx]
        if pattern is None or re.match(pattern, r):
            self.script_name += slashes + r
            self.path_info = path[idx:]
            return r

    def path_info_peek(self):
        Returns the next segment on PATH_INFO, or None if there is no
        next segment.  Doesn't modify the environment.
        path = self.path_info
        if not path:
            return None
        path = path.lstrip('/')
        return path.split('/', 1)[0]

    def _urlvars__get(self):
        Return any *named* variables matched in the URL.

        Takes values from ``environ['wsgiorg.routing_args']``.
        Systems like ``routes`` set this value.
        if 'paste.urlvars' in self.environ:
            return self.environ['paste.urlvars']
        elif 'wsgiorg.routing_args' in self.environ:
            return self.environ['wsgiorg.routing_args'][1]
            result = {}
            self.environ['wsgiorg.routing_args'] = ((), result)
            return result

    def _urlvars__set(self, value):
        environ = self.environ
        if 'wsgiorg.routing_args' in environ:
            environ['wsgiorg.routing_args'] = (
                    environ['wsgiorg.routing_args'][0], value)
            if 'paste.urlvars' in environ:
                del environ['paste.urlvars']
        elif 'paste.urlvars' in environ:
            environ['paste.urlvars'] = value
            environ['wsgiorg.routing_args'] = ((), value)

    def _urlvars__del(self):
        if 'paste.urlvars' in self.environ:
            del self.environ['paste.urlvars']
        if 'wsgiorg.routing_args' in self.environ:
            if not self.environ['wsgiorg.routing_args'][0]:
                del self.environ['wsgiorg.routing_args']
                self.environ['wsgiorg.routing_args'] = (
                        self.environ['wsgiorg.routing_args'][0], {})

    urlvars = property(_urlvars__get,

    def _urlargs__get(self):
        Return any *positional* variables matched in the URL.

        Takes values from ``environ['wsgiorg.routing_args']``.
        Systems like ``routes`` set this value.
        if 'wsgiorg.routing_args' in self.environ:
            return self.environ['wsgiorg.routing_args'][0]
            # Since you can't update this value in-place, we don't need
            # to set the key in the environment
            return ()

    def _urlargs__set(self, value):
        environ = self.environ
        if 'paste.urlvars' in environ:
            # Some overlap between this and wsgiorg.routing_args; we need
            # wsgiorg.routing_args to make this work
            routing_args = (value, environ.pop('paste.urlvars'))
        elif 'wsgiorg.routing_args' in environ:
            routing_args = (value, environ['wsgiorg.routing_args'][1])
            routing_args = (value, {})
        environ['wsgiorg.routing_args'] = routing_args

    def _urlargs__del(self):
        if 'wsgiorg.routing_args' in self.environ:
            if not self.environ['wsgiorg.routing_args'][1]:
                del self.environ['wsgiorg.routing_args']
                self.environ['wsgiorg.routing_args'] = (
                        (), self.environ['wsgiorg.routing_args'][1])

    urlargs = property(_urlargs__get,

    def is_xhr(self):
        """Is X-Requested-With header present and equal to ``XMLHttpRequest``?

        Note: this isn't set by every XMLHttpRequest request, it is
        only set if you are using a Javascript library that sets it
        (or you set the header yourself manually).  Currently
        Prototype and jQuery are known to set this header."""
        return self.environ.get('HTTP_X_REQUESTED_WITH', '') == 'XMLHttpRequest'

    def _host__get(self):
        """Host name provided in HTTP_HOST, with fall-back to SERVER_NAME"""
        if 'HTTP_HOST' in self.environ:
            return self.environ['HTTP_HOST']
            return '%(SERVER_NAME)s:%(SERVER_PORT)s' % self.environ
    def _host__set(self, value):
        self.environ['HTTP_HOST'] = value
    def _host__del(self):
        if 'HTTP_HOST' in self.environ:
            del self.environ['HTTP_HOST']
    host = property(_host__get, _host__set, _host__del, doc=_host__get.__doc__)

    def domain(self):
        """ Returns the domain portion of the host value.  Equivalent to:

        .. code-block:: python

           domain =
           if ':' in domain:
               domain = domain.split(':', 1)[0]

        This will be equivalent to the domain portion of the ``HTTP_HOST``
        value in the environment if it exists, or the ``SERVER_NAME`` value in
        the environment if it doesn't.  For example, if the environment
        contains an ``HTTP_HOST`` value of ````,
        ``request.domain`` will return ````.

        Note that this value cannot be *set* on the request.  To set the host
        value use :meth:`` instead.
        domain =
        if ':' in domain:
             domain = domain.split(':', 1)[0]
        return domain

    def _body__get(self):
        Return the content of the request body.
        if not self.is_body_readable:
            return b''
        self.make_body_seekable() # we need this to have content_length
        r =
        return r
    def _body__set(self, value):
        if value is None:
            value = b''
        if not isinstance(value, bytes):
            raise TypeError("You can only set Request.body to bytes (not %r)"
                                % type(value))
        if not http_method_probably_has_body.get(self.method, True):
            if not value:
                self.content_length = None
                self.body_file_raw = io.BytesIO()
        self.content_length = len(value)
        self.body_file_raw = io.BytesIO(value)
        self.is_body_seekable = True
    def _body__del(self):
        self.body = b''
    body = property(_body__get, _body__set, _body__del, doc=_body__get.__doc__)

    def _json_body__get(self):
        """Access the body of the request as JSON"""
        return json.loads(self.body.decode(self.charset))

    def _json_body__set(self, value):
        self.body = json.dumps(value, separators=(',', ':')).encode(self.charset)

    def _json_body__del(self):
        del self.body

    json = json_body = property(_json_body__get, _json_body__set, _json_body__del)

    def _text__get(self):
        Get/set the text value of the body
        if not self.charset:
            raise AttributeError(
                "You cannot access Request.text unless charset is set")
        body = self.body
        return body.decode(self.charset)

    def _text__set(self, value):
        if not self.charset:
            raise AttributeError(
                "You cannot access Response.text unless charset is set")
        if not isinstance(value, text_type):
            raise TypeError(
                "You can only set Request.text to a unicode string "
                "(not %s)" % type(value))
        self.body = value.encode(self.charset)

    def _text__del(self):
        del self.body

    text = property(_text__get, _text__set, _text__del, doc=_text__get.__doc__)

    def POST(self):
        Return a MultiDict containing all the variables from a form
        request. Returns an empty dict-like object for non-form requests.

        Form requests are typically POST requests, however PUT & PATCH requests
        with an appropriate Content-Type are also supported.
        env = self.environ
        if self.method not in ('POST', 'PUT', 'PATCH'):
            return NoVars('Not a form request')
        if 'webob._parsed_post_vars' in env:
            vars, body_file = env['webob._parsed_post_vars']
            if body_file is self.body_file_raw:
                return vars
        content_type = self.content_type
        if ((self.method != 'POST' and not content_type)
            or content_type not in
            # Not an HTML form submission
            return NoVars('Not an HTML form submission (Content-Type: %s)'
                          % content_type)


        fs_environ = env.copy()
        # FieldStorage assumes a missing CONTENT_LENGTH, but a
        # default of 0 is better:
        fs_environ.setdefault('CONTENT_LENGTH', '0')
        fs_environ['QUERY_STRING'] = ''
        if PY3: # pragma: no cover
            fs = cgi_FieldStorage(
            vars = MultiDict.from_fieldstorage(fs)
            fs = cgi_FieldStorage(
            vars = MultiDict.from_fieldstorage(fs)

        env['webob._parsed_post_vars'] = (vars, self.body_file_raw)
        return vars

    def GET(self):
        Return a MultiDict containing all the variables from the
        env = self.environ
        source = env.get('QUERY_STRING', '')
        if 'webob._parsed_query_vars' in env:
            vars, qs = env['webob._parsed_query_vars']
            if qs == source:
                return vars

        data = []
        if source:
            # this is disabled because we want to access req.GET
            # for text/plain; charset=ascii uploads for example
            data = parse_qsl_text(source)
            #d = lambda b: b.decode('utf8')
            #data = [(d(k), d(v)) for k,v in data]
        vars = GetDict(data, env)
        env['webob._parsed_query_vars'] = (vars, source)
        return vars

    def _check_charset(self):
        if self.charset != 'UTF-8':
            raise DeprecationWarning(
                "Requests are expected to be submitted in UTF-8, not %s. "
                "You can fix this by doing req = req.decode('%s')" % (
                    self.charset, self.charset)

    def params(self):
        A dictionary-like object containing both the parameters from
        the query string and request body.
        params = NestedMultiDict(self.GET, self.POST)
        return params

    def cookies(self):
        Return a dictionary of cookies as found in the request.
        return RequestCookies(self.environ)

    def cookies(self, val):
        self.environ.pop('HTTP_COOKIE', None)
        r = RequestCookies(self.environ)

    def copy(self):
        Copy the request and environment object.

        This only does a shallow copy, except of wsgi.input
        env = self.environ.copy()
        new_req = self.__class__(env)
        return new_req

    def copy_get(self):
        Copies the request and environment object, but turning this request
        into a GET along the way.  If this was a POST request (or any other
        verb) then it becomes GET, and the request body is thrown away.
        env = self.environ.copy()
        return self.__class__(env, method='GET', content_type=None,

    # webob.is_body_seekable marks input streams that are seekable
    # this way we can have seekable input without testing the .seek() method
    is_body_seekable = environ_getter('webob.is_body_seekable', False)

    #is_body_readable = environ_getter('webob.is_body_readable', False)

    def _is_body_readable__get(self):
            webob.is_body_readable is a flag that tells us
            that we can read the input stream even though
            CONTENT_LENGTH is missing. This allows FakeCGIBody
            to work and can be used by servers to support
            chunked encoding in requests.
            For background see
        if http_method_probably_has_body.get(self.method):
            # known HTTP method with body
            return True
        elif self.content_length is not None:
            # unknown HTTP method, but the Content-Length
            # header is present
            return True
            # last resort -- rely on the special flag
            return self.environ.get('webob.is_body_readable', False)

    def _is_body_readable__set(self, flag):
        self.environ['webob.is_body_readable'] = bool(flag)

    is_body_readable = property(_is_body_readable__get, _is_body_readable__set,

    def make_body_seekable(self):
        This forces ``environ['wsgi.input']`` to be seekable.
        That means that, the content is copied into a BytesIO or temporary
        file and flagged as seekable, so that it will not be unnecessarily
        copied again.

        After calling this method the .body_file is always seeked to the
        start of file and .content_length is not None.

        The choice to copy to BytesIO is made from
        if self.is_body_seekable:

    def copy_body(self):
        Copies the body, in cases where it might be shared with
        another request object and that is not desired.

        This copies the body in-place, either into a BytesIO object
        or a temporary file.
        if not self.is_body_readable:
            # there's no body to copy
            self.body = b''
        elif self.content_length is None:
            # chunked body or FakeCGIBody
            self.body =
            # try to read body into tempfile
            did_copy = self._copy_body_tempfile()
            if not did_copy:
                # it wasn't necessary, so just read it into memory
                self.body =

    def _copy_body_tempfile(self):
            Copy wsgi.input to tempfile if necessary. Returns True if it did.
        tempfile_limit = self.request_body_tempfile_limit
        todo = self.content_length
        assert isinstance(todo, integer_types), todo
        if not tempfile_limit or todo <= tempfile_limit:
            return False
        fileobj = self.make_tempfile()
        input = self.body_file
        while todo > 0:
            data =, 65536))
            if not data:
                # Normally this should not happen, because LimitedLengthFile
                # should have raised an exception by now.
                # It can happen if the is_body_seekable flag is incorrect.
                raise DisconnectionError(
                    "Client disconnected (%s more bytes were expected)"
                    % todo
            todo -= len(data)
        self.body_file_raw = fileobj
        self.is_body_seekable = True
        return True

    def make_tempfile(self):
            Create a tempfile to store big request body.
            This API is not stable yet. A 'size' argument might be added.
        return tempfile.TemporaryFile()

    def remove_conditional_headers(self,
        Remove headers that make the request conditional.

        These headers can cause the response to be 304 Not Modified,
        which in some cases you may not want to be possible.

        This does not remove headers like If-Match, which are used for
        conflict detection.
        check_keys = []
        if remove_range:
            check_keys += ['HTTP_IF_RANGE', 'HTTP_RANGE']
        if remove_match:
        if remove_modified:
        if remove_encoding:

        for key in check_keys:
            if key in self.environ:
                del self.environ[key]

    accept = accept_property('Accept', '14.1', MIMEAccept, MIMENilAccept)
    accept_charset = accept_property('Accept-Charset', '14.2', AcceptCharset)
    accept_encoding = accept_property('Accept-Encoding', '14.3',
    accept_language = accept_property('Accept-Language', '14.4', AcceptLanguage)

    authorization = converter(
        environ_getter('HTTP_AUTHORIZATION', None, '14.8'),
        parse_auth, serialize_auth,

    def _cache_control__get(self):
        Get/set/modify the Cache-Control header (`HTTP spec section 14.9
        env = self.environ
        value = env.get('HTTP_CACHE_CONTROL', '')
        cache_header, cache_obj = env.get('webob._cache_control', (None, None))
        if cache_obj is not None and cache_header == value:
            return cache_obj
        cache_obj = CacheControl.parse(value,
        env['webob._cache_control'] = (value, cache_obj)
        return cache_obj

    def _cache_control__set(self, value):
        env = self.environ
        value = value or ''
        if isinstance(value, dict):
            value = CacheControl(value, type='request')
        if isinstance(value, CacheControl):
            str_value = str(value)
            env['HTTP_CACHE_CONTROL'] = str_value
            env['webob._cache_control'] = (str_value, value)
            env['HTTP_CACHE_CONTROL'] = str(value)
            env['webob._cache_control'] = (None, None)

    def _cache_control__del(self):
        env = self.environ
        if 'HTTP_CACHE_CONTROL' in env:
            del env['HTTP_CACHE_CONTROL']
        if 'webob._cache_control' in env:
            del env['webob._cache_control']

    def _update_cache_control(self, prop_dict):
        self.environ['HTTP_CACHE_CONTROL'] = serialize_cache_control(prop_dict)

    cache_control = property(_cache_control__get,

    if_match = etag_property('HTTP_IF_MATCH', AnyETag, '14.24')
    if_none_match = etag_property('HTTP_IF_NONE_MATCH', NoETag, '14.26',

    date = converter_date(environ_getter('HTTP_DATE', None, '14.8'))
    if_modified_since = converter_date(
                    environ_getter('HTTP_IF_MODIFIED_SINCE', None, '14.25'))
    if_unmodified_since = converter_date(
                    environ_getter('HTTP_IF_UNMODIFIED_SINCE', None, '14.28'))
    if_range = converter(
        environ_getter('HTTP_IF_RANGE', None, '14.27'),
        IfRange.parse, serialize_if_range, 'IfRange object')

    max_forwards = converter(
        environ_getter('HTTP_MAX_FORWARDS', None, '14.31'),
        parse_int, serialize_int, 'int')

    pragma = environ_getter('HTTP_PRAGMA', None, '14.32')

    range = converter(
        environ_getter('HTTP_RANGE', None, '14.35'),
        parse_range, serialize_range, 'Range object')

    referer = environ_getter('HTTP_REFERER', None, '14.36')
    referrer = referer

    user_agent = environ_getter('HTTP_USER_AGENT', None, '14.43')

    def __repr__(self):
            name = '%s %s' % (self.method, self.url)
        except KeyError:
            name = '(invalid WSGI environ)'
        msg = '<%s at 0x%x %s>' % (
            abs(id(self)), name)
        return msg

    def as_bytes(self, skip_body=False):
            Return HTTP bytes representing this request.
            If skip_body is True, exclude the body.
            If skip_body is an integer larger than one, skip body
            only if its length is bigger than that number.
        url = self.url
        host = self.host_url
        assert url.startswith(host)
        url = url[len(host):]
        parts = [bytes_('%s %s %s' % (self.method, url, self.http_version))]

        # acquire body before we handle headers so that
        # content-length will be set
        body = None
        if http_method_probably_has_body.get(self.method):
            if skip_body > 1:
                if len(self.body) > skip_body:
                    body = bytes_('<body skipped (len=%s)>' % len(self.body))
                    skip_body = False
            if not skip_body:
                body = self.body

        for k, v in sorted(self.headers.items()):
            header = bytes_('%s: %s'  % (k, v))

        if body:
            parts.extend([b'', body])
        # HTTP clearly specifies CRLF
        return b'\r\n'.join(parts)

    def as_text(self):
        bytes = self.as_bytes()
        return bytes.decode(self.charset)

    __str__ = as_text

    def from_bytes(cls, b):
            Create a request from HTTP bytes data. If the bytes contain
            extra data after the request, raise a ValueError.
        f = io.BytesIO(b)
        r = cls.from_file(f)
        if f.tell() != len(b):
            raise ValueError("The string contains more data than expected")
        return r

    def from_text(cls, s):
        b = bytes_(s, 'utf-8')
        return cls.from_bytes(b)

    def from_file(cls, fp):
        """Read a request from a file-like object (it must implement
        ``.read(size)`` and ``.readline()``).

        It will read up to the end of the request, not the end of the
        file (unless the request is a POST or PUT and has no
        Content-Length, in that case, the entire file is read).

        This reads the request as represented by ``str(req)``; it may
        not read every valid HTTP request properly.
        start_line = fp.readline()
        is_text = isinstance(start_line, text_type)
        if is_text:
            crlf = '\r\n'
            colon = ':'
            crlf = b'\r\n'
            colon = b':'
            header = start_line.rstrip(crlf)
            method, resource, http_version = header.split(None, 2)
            method = native_(method, 'utf-8')
            resource = native_(resource, 'utf-8')
            http_version = native_(http_version, 'utf-8')
        except ValueError:
            raise ValueError('Bad HTTP request line: %r' % start_line)
        r = cls(environ_from_url(resource),
        del r.environ['HTTP_HOST']
        while 1:
            line = fp.readline()
            if not line.strip():
                # end of headers
            hname, hval = line.split(colon, 1)
            hname = native_(hname, 'utf-8')
            hval = native_(hval, 'utf-8').strip()
            if hname in r.headers:
                hval = r.headers[hname] + ', ' + hval
            r.headers[hname] = hval
        if http_method_probably_has_body.get(r.method):
            clen = r.content_length
            if clen is None:
                body =
                body =
            if is_text:
                body = bytes_(body, 'utf-8')
            r.body = body
        return r

    def call_application(self, application, catch_exc_info=False):
        Call the given WSGI application, returning ``(status_string,
        headerlist, app_iter)``

        Be sure to call ``app_iter.close()`` if it's there.

        If catch_exc_info is true, then returns ``(status_string,
        headerlist, app_iter, exc_info)``, where the fourth item may
        be None, but won't be if there was an exception.  If you don't
        do this and there was an exception, the exception will be
        raised directly.
        if self.is_body_seekable:
        captured = []
        output = []
        def start_response(status, headers, exc_info=None):
            if exc_info is not None and not catch_exc_info:
            captured[:] = [status, headers, exc_info]
            return output.append
        app_iter = application(self.environ, start_response)
        if output or not captured:
                if hasattr(app_iter, 'close'):
            app_iter = output
        if catch_exc_info:
            return (captured[0], captured[1], app_iter, captured[2])
            return (captured[0], captured[1], app_iter)

    # Will be filled in later:
    ResponseClass = None

    def send(self, application=None, catch_exc_info=False):
        Like ``.call_application(application)``, except returns a
        response object with ``.status``, ``.headers``, and ``.body``

        This will use ``self.ResponseClass`` to figure out the class
        of the response object to return.

        If ``application`` is not given, this will send the request to
        if application is None:
            application = self.make_default_send_app()
        if catch_exc_info:
            status, headers, app_iter, exc_info = self.call_application(
                application, catch_exc_info=True)
            del exc_info
            status, headers, app_iter = self.call_application(
                application, catch_exc_info=False)
        return self.ResponseClass(
            status=status, headerlist=list(headers), app_iter=app_iter)

    get_response = send

    def make_default_send_app(self):
        global _client
            client = _client
        except NameError:
            from webob import client
            _client = client
        return client.send_request_app

    def blank(cls, path, environ=None, base_url=None,
              headers=None, POST=None, **kw):
        Create a blank request environ (and Request wrapper) with the
        given path (path should be urlencoded), and any keys from

        The path will become path_info, with any query string split
        off and used.

        All necessary keys will be added to the environ, but the
        values you pass in will take precedence.  If you pass in
        base_url then wsgi.url_scheme, HTTP_HOST, and SCRIPT_NAME will
        be filled in from that value.

        Any extra keyword will be passed to ``__init__``.
        env = environ_from_url(path)
        if base_url:
            scheme, netloc, path, query, fragment = urlparse.urlsplit(base_url)
            if query or fragment:
                raise ValueError(
                    "base_url (%r) cannot have a query or fragment"
                    % base_url)
            if scheme:
                env['wsgi.url_scheme'] = scheme
            if netloc:
                if ':' not in netloc:
                    if scheme == 'http':
                        netloc += ':80'
                    elif scheme == 'https':
                        netloc += ':443'
                        raise ValueError(
                            "Unknown scheme: %r" % scheme)
                host, port = netloc.split(':', 1)
                env['SERVER_PORT'] = port
                env['SERVER_NAME'] = host
                env['HTTP_HOST'] = netloc
            if path:
                env['SCRIPT_NAME'] = url_unquote(path)
        if environ:
        content_type = kw.get('content_type', env.get('CONTENT_TYPE'))
        if headers and 'Content-Type' in headers:
            content_type = headers['Content-Type']
        if content_type is not None:
            kw['content_type'] = content_type
        environ_add_POST(env, POST, content_type=content_type)
        obj = cls(env, **kw)
        if headers is not None:
        return obj

class LegacyRequest(BaseRequest):
    uscript_name = upath_property('SCRIPT_NAME')
    upath_info = upath_property('PATH_INFO')

    def encget(self, key, default=NoDefault, encattr=None):
        val = self.environ.get(key, default)
        if val is NoDefault:
            raise KeyError(key)
        if val is default:
            return default
        return val

class AdhocAttrMixin(object):
    _setattr_stacklevel = 3

    def __setattr__(self, attr, value, DEFAULT=object()):
        if (getattr(self.__class__, attr, DEFAULT) is not DEFAULT or
            object.__setattr__(self, attr, value)
            self.environ.setdefault('webob.adhoc_attrs', {})[attr] = value

    def __getattr__(self, attr, DEFAULT=object()):
            return self.environ['webob.adhoc_attrs'][attr]
        except KeyError:
            raise AttributeError(attr)

    def __delattr__(self, attr, DEFAULT=object()):
        if getattr(self.__class__, attr, DEFAULT) is not DEFAULT:
            return object.__delattr__(self, attr)
            del self.environ['webob.adhoc_attrs'][attr]
        except KeyError:
            raise AttributeError(attr)

class Request(AdhocAttrMixin, BaseRequest):
    """ The default request implementation """

def environ_from_url(path):
        scheme, netloc, path, qs, fragment = urlparse.urlsplit(path)
        if fragment:
            raise TypeError("Path cannot contain a fragment (%r)" % fragment)
        if qs:
            path += '?' + qs
        if ':' not in netloc:
            if scheme == 'http':
                netloc += ':80'
            elif scheme == 'https':
                netloc += ':443'
                raise TypeError("Unknown scheme: %r" % scheme)
        scheme = 'http'
        netloc = 'localhost:80'
    if path and '?' in path:
        path_info, query_string = path.split('?', 1)
        path_info = url_unquote(path_info)
        path_info = url_unquote(path)
        query_string = ''
    env = {
        'REQUEST_METHOD': 'GET',
        'SCRIPT_NAME': '',
        'PATH_INFO': path_info or '',
        'QUERY_STRING': query_string,
        'SERVER_NAME': netloc.split(':')[0],
        'SERVER_PORT': netloc.split(':')[1],
        'HTTP_HOST': netloc,
        'SERVER_PROTOCOL': 'HTTP/1.0',
        'wsgi.version': (1, 0),
        'wsgi.url_scheme': scheme,
        'wsgi.input': io.BytesIO(),
        'wsgi.errors': sys.stderr,
        'wsgi.multithread': False,
        'wsgi.multiprocess': False,
        'wsgi.run_once': False,
        #'webob.is_body_seekable': True,
    return env

def environ_add_POST(env, data, content_type=None):
    if data is None:
    elif isinstance(data, text_type): # pragma: no cover
        data = data.encode('ascii')
    if env['REQUEST_METHOD'] not in ('POST', 'PUT'):
        env['REQUEST_METHOD'] = 'POST'
    has_files = False
    if hasattr(data, 'items'):
        data = list(data.items())
        for k, v in data:
            if isinstance(v, (tuple, list)):
                has_files = True
    if content_type is None:
        if has_files:
            content_type = 'multipart/form-data'
            content_type = 'application/x-www-form-urlencoded'
    if content_type.startswith('multipart/form-data'):
        if not isinstance(data, bytes):
            content_type, data = _encode_multipart(data, content_type)
    elif content_type.startswith('application/x-www-form-urlencoded'):
        if has_files:
            raise ValueError('Submiting files is not allowed for'
                             ' content type `%s`' % content_type)
        if not isinstance(data, bytes):
            data = url_encode(data)
        if not isinstance(data, bytes):
            raise ValueError('Please provide `POST` data as string'
                             ' for content type `%s`' % content_type)
    data = bytes_(data, 'utf8')
    env['wsgi.input'] = io.BytesIO(data)
    env['webob.is_body_seekable'] = True
    env['CONTENT_LENGTH'] = str(len(data))
    env['CONTENT_TYPE'] = content_type

## Helper classes and monkeypatching

class DisconnectionError(IOError):

class LimitedLengthFile(io.RawIOBase):
    def __init__(self, file, maxlen):
        self.file = file
        self.maxlen = maxlen
        self.remaining = maxlen

    def __repr__(self):
        return '<%s(%r, maxlen=%s)>' % (

    def fileno(self):
        return self.file.fileno()

    def readable():
        return True

    def readinto(self, buff):
        if not self.remaining:
            return 0
        sz0 = min(len(buff), self.remaining)
        data =
        sz = len(data)
        self.remaining -= sz
        #if not data:
        if sz < sz0 and self.remaining:
            raise DisconnectionError(
                "The client disconnected while sending the POST/PUT body "
                + "(%d more bytes were expected)" % self.remaining
        buff[:sz] = data
        return sz

def _cgi_FieldStorage__repr__patch(self):
    """ monkey patch for FieldStorage.__repr__

    Unbelievably, the default __repr__ on FieldStorage reads
    the entire file content instead of being sane about it.
    This is a simple replacement that doesn't do that
    if self.file:
        return "FieldStorage(%r, %r)" % (, self.filename)
    return "FieldStorage(%r, %r, %r)" % (, self.filename, self.value)

cgi_FieldStorage.__repr__ = _cgi_FieldStorage__repr__patch

class FakeCGIBody(io.RawIOBase):
    def __init__(self, vars, content_type):
        if content_type.startswith('multipart/form-data'):
            if not _get_multipart_boundary(content_type):
                raise ValueError('Content-type: %r does not contain boundary'
                            % content_type)
        self.vars = vars
        self.content_type = content_type
        self.file = None

    def __repr__(self):
        inner = repr(self.vars)
        if len(inner) > 20:
            inner = inner[:15] + '...' + inner[-5:]
        return '<%s at 0x%x viewing %s>' % (
            abs(id(self)), inner)

    def fileno(self):
        return None

    def readable():
        return True

    def readinto(self, buff):
        if self.file is None:
            if self.content_type.startswith(
                data = '&'.join(
                    '%s=%s' % (quote_plus(bytes_(k, 'utf8')), quote_plus(bytes_(v, 'utf8')))
                    for k,v in self.vars.items()
                self.file = io.BytesIO(bytes_(data))
            elif self.content_type.startswith('multipart/form-data'):
                self.file = _encode_multipart(
                assert 0, ('Bad content type: %r' % self.content_type)
        return self.file.readinto(buff)

def _get_multipart_boundary(ctype):
    m ='boundary=([^ ]+)', ctype, re.I)
    if m:
        return native_('"'))

def _encode_multipart(vars, content_type, fout=None):
    """Encode a multipart request body into a string"""
    f = fout or io.BytesIO()
    w = f.write
    wt = lambda t: f.write(t.encode('utf8'))
    CRLF = b'\r\n'
    boundary = _get_multipart_boundary(content_type)
    if not boundary:
        boundary = native_(binascii.hexlify(os.urandom(10)))
        content_type += ('; boundary=%s' % boundary)
    for name, value in vars:
        assert name is not None, 'Value associated with no name: %r' % value
        wt('Content-Disposition: form-data; name="%s"' % name)
        filename = None
        if getattr(value, 'filename', None):
            filename = value.filename
        elif isinstance(value, (list, tuple)):
            filename, value = value
            if hasattr(value, 'read'):
                value =

        if filename is not None:
            wt('; filename="%s"' % filename)
            mime_type = mimetypes.guess_type(filename)[0]
            mime_type = None


        # TODO: should handle value.disposition_options
        if getattr(value, 'type', None):
            wt('Content-type: %s' % value.type)
            if value.type_options:
                for ct_name, ct_value in sorted(value.type_options.items()):
                    wt('; %s="%s"' % (ct_name, ct_value))
        elif mime_type:
            wt('Content-type: %s' % mime_type)
        if hasattr(value, 'value'):
            value = value.value
        if isinstance(value, bytes):
    wt('--%s--' % boundary)
    if fout:
        return content_type, fout
        return content_type, f.getvalue()

def detect_charset(ctype):
    m =
    if m:

def _is_utf8(charset):
    if not charset:
        return True
        return charset.lower().replace('-', '') == 'utf8'

class Transcoder(object):
    def __init__(self, charset, errors='strict'):
        self.charset = charset # source charset
        self.errors = errors # unicode errors
        self._trans = lambda b: b.decode(charset, errors).encode('utf8')

    def transcode_query(self, q):
        if PY3: # pragma: no cover
            q_orig = q
            if '=' not in q:
                # this doesn't look like a form submission
                return q_orig
            q = list(parse_qsl_text(q, self.charset))
            return url_encode(q)
            q_orig = q
            if '=' not in q:
                # this doesn't look like a form submission
                return q_orig
            q = urlparse.parse_qsl(q, self.charset)
            t = self._trans
            q = [(t(k), t(v)) for k,v in q]
            return url_encode(q)

    def transcode_fs(self, fs, content_type):
        # transcode FieldStorage
        if PY3: # pragma: no cover
            decode = lambda b: b
            decode = lambda b: b.decode(self.charset, self.errors)
        data = []
        for field in fs.list or ():
   = decode(
            if field.filename:
                field.filename = decode(field.filename)
                data.append((, field))
                data.append((, decode(field.value)))

        # TODO: transcode big requests to temp file
        content_type, fout = _encode_multipart(
        return fout