Message 156014 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	v+python
Recipients	Giovanni.Funchal, facundobatista, fdrake, orsenthil, python-dev, v+python
Date	2012年03月16日.08:43:20
SpamBayes Score	0.0005195151
Marked as misclassified	No
Message-id	<1331887403.57.0.678972154074.issue10484@psf.upfronthosting.co.za>

Content
Another issue with the patch, is that it doesn't do .. and . collapsing on the PATH_INFO part of the path. It is possible for a path like /cgi-bin/script.py/../../plain-file.html to be passed to the server. I guess the question is if it should serve plain-file.html or if it should pass "../../plain-file.html" to script.py as its PATH_INFO. I would think the former would be appropriate. I would have to do research to determine if some standard states otherwise.

Content

Another issue with the patch, is that it doesn't do .. and . collapsing on the PATH_INFO part of the path.
It is possible for a path like
/cgi-bin/script.py/../../plain-file.html
to be passed to the server. I guess the question is if it should serve plain-file.html or if it should pass "../../plain-file.html" to script.py as its PATH_INFO. I would think the former would be appropriate. I would have to do research to determine if some standard states otherwise.

History
Date	User	Action	Args
2012年03月16日 08:43:23	v+python	set	recipients: + v+python, fdrake, facundobatista, orsenthil, python-dev, Giovanni.Funchal
2012年03月16日 08:43:23	v+python	set	messageid: <1331887403.57.0.678972154074.issue10484@psf.upfronthosting.co.za>
2012年03月16日 08:43:20	v+python	link	issue10484 messages
2012年03月16日 08:43:20	v+python	create

homepage