bpo-38863: Fix a bug of is_cgi() in http.server#17292
Closed
kkangshawn wants to merge 1 commit into
Closed
Conversation
is_cgi() function of http.server library does not correctly separate given path for cgi script into a directory and a file part. is_cgi() in CGIHTTPRequestHandler class separates given path into (dir, rest) then checks if dir is in cgi_directories. However, it divides based on the first seen '/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub' exists in cgi_directories = [..., '/sub/dir/cgi-bin']. If the function divides by last seen '/', it works correctly as head=/sub/dir/cgi-bin, rest=hello.py Signed-off-by: Siwon Kang <kkangshawn@gmail.com>
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA). CLA MissingOur records indicate the following people have not signed the CLA: For legal reasons we need all the people listed to sign the CLA before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. If you have recently signed the CLA, please wait at least one business day You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
is_cgi() function of http.server library does not correctly separate
given path for cgi script into a directory and a file part. is_cgi() in
CGIHTTPRequestHandler class separates given path into (dir, rest) then
checks if dir is in cgi_directories. However, it divides based on the
first seen '/', multi-level directories like /sub/dir/cgi-bin/hello.py
is divided into head=/sub, rest=dir/cgi-bin/hello.py then check whether
'/sub' exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
If the function divides by last seen '/', it works correctly as
head=/sub/dir/cgi-bin, rest=hello.py
Signed-off-by: Siwon Kang kkangshawn@gmail.com
https://bugs.python.org/issue38863