request.form contains '-C':'' when no QUERY_STRING in environ

The "-C" parameter comes from the standard python cgi module (line 452) which is used to parse http requests args. If the "QUERY_STRING" environment variable is not present, the program uses sys.argv[1].

With zope, sys.argv is (at least): ['/zope/software/home/python/Zope2/Startup/run.py', '-C', '/my/instance/home/etc/zope.conf']; that's why we get the '-C' empty parameter.

I didn't check the history of the cgi.py module, so I don't know why sys.argv[1] is used (probably a trick?).

Anyway, your patch is okay but I think that it would be better to remove the "QUERY_STRING" key after the (Zope)FieldStorage instantiation: for instance, some applications may decide to check http parameters with an expression like environ.has_key('QUERY_STRING') and thus get some value when none was expected.

I figured out that's where the "-C" was coming from. That's why my patch sets the QUERY_STRING environment variable to an empty string when that variable is missing.
As far as why the cgi module looks at sys.argv[1], I think it does that to make it easy to test cgi scripts from the command line. Which is a cute idea, but does have this unfortunate side effect when FieldStorage is used by a non-cgi framework like Zope.

Your suggestion about removing the QUERY_STRING key after FieldStorage instantiation sounds reasonable to me.

Thanks for your attention! I realize this is a pretty minor (and generally harmless) bug. The only effect it has had on my applications is that it can show up in urls constructed based on request.form variables. The urls still work since I don't have anything that expects a parameter named "-C", but it annoys me every time I see it cluttering up a url.