[2.7] bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)

[matthewbelisle-wf]

Adding max_num_fields to cgi.FieldStorage to make DOS attacks harder by
limiting the number of MiniFieldStorage objects created by FieldStorage.

(cherry picked from commit 2091448)

https://bugs.python.org/issue34866

[matthewbelisle-wf]

@ambv @methane Here is the 2.7 backport of #9660. While doing this backport I noticed a logic bug in #9660 that my unit tests did not catch, and I'm making another bpo issue to fix it in 3.x. Sorry for the extra work there, it was my mistake. I'll CC you on that PR.

[vstinner]

You must update the documentation as well: https://bugs.python.org/issue34866#msg328401

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[matthewbelisle-wf]

Thanks for the info @vstinner , I added those changes in 90ab0d5.

For @bedevere-bot : I have made the requested changes; please review again.

[bedevere-bot]

Thanks for making the requested changes!

@vstinner: please review the changes made to this pull request.

[vstinner]

LGTM.

Please write a PR for the master branch to document the new parameter.

[matthewbelisle-wf]

Thanks @vstinner . Here are the PRs for master, 3.7, and 3.6:

#10247
#10246
#10248

[vstinner]

oh, please replace "param" with "parameter.

[vstinner]

Ditto.

[matthewbelisle-wf]

@vstinner Sure thing, fixed in commit 1767079.

[matthewbelisle-wf]

Okay this is ready for review again @vstinner