|
 |
f63228 |
|
|
|
f63228 |
# HG changeset patch
|
|
|
f63228 |
# User Benjamin Peterson <benjamin@python.org>
|
|
|
f63228 |
# Date 1402796189 25200
|
|
|
f63228 |
# Node ID b4bab078876811c7d95231d08aa6fa7142fdda66
|
|
|
f63228 |
# Parent bb8b0c7fefd0c5ed99b3f336178a4f9554a1d0ef
|
|
|
f63228 |
url unquote the path before checking if it refers to a CGI script (closes #21766)
|
|
|
f63228 |
|
|
|
f63228 |
diff --git a/Lib/CGIHTTPServer.py b/Lib/CGIHTTPServer.py
|
|
|
f63228 |
--- a/Lib/CGIHTTPServer.py
|
|
|
f63228 |
+++ b/Lib/CGIHTTPServer.py
|
|
|
f63228 |
@@ -84,7 +84,7 @@ class CGIHTTPRequestHandler(SimpleHTTPSe
|
|
|
f63228 |
path begins with one of the strings in self.cgi_directories
|
|
|
f63228 |
(and the next character is a '/' or the end of the string).
|
|
|
f63228 |
"""
|
|
|
f63228 |
- collapsed_path = _url_collapse_path(self.path)
|
|
|
f63228 |
+ collapsed_path = _url_collapse_path(urllib.unquote(self.path))
|
|
|
f63228 |
dir_sep = collapsed_path.find('/', 1)
|
|
|
f63228 |
head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]
|
|
|
f63228 |
if head in self.cgi_directories:
|
|
|
f63228 |
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
|
|
|
f63228 |
--- a/Lib/test/test_httpservers.py
|
|
|
f63228 |
+++ b/Lib/test/test_httpservers.py
|
|
|
f63228 |
@@ -510,6 +510,11 @@ class CGIHTTPServerTestCase(BaseTestCase
|
|
|
f63228 |
(res.read(), res.getheader('Content-type'), res.status))
|
|
|
f63228 |
self.assertEqual(os.environ['SERVER_SOFTWARE'], signature)
|
|
|
f63228 |
|
|
|
f63228 |
+ def test_urlquote_decoding_in_cgi_check(self):
|
|
|
f63228 |
+ res = self.request('/cgi-bin%2ffile1.py')
|
|
|
f63228 |
+ self.assertEqual((b'Hello World\n', 'text/html', 200),
|
|
|
f63228 |
+ (res.read(), res.getheader('Content-type'), res.status))
|
|
|
f63228 |
+
|
|
|
f63228 |
|
|
|
f63228 |
class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
|
|
|
f63228 |
""" Test url parsing """
|