[New-bugs-announce] [issue10485] http.server fails when query string contains addition '?' characters
Glenn Linderman
report at bugs.python.org
Sun Nov 21 08:38:14 CET 2010
New submission from Glenn Linderman <v+python at g.nevcal.com>:
http.server on Python 3 and CGIHTTPServer on Python 2 both contain the same code with the same bug. In run_cgi, rest.rfind('?') is used to separate the path from the query string. However, it should be rest.find('?') as the query string starts with '?' but may also contain '?'. It is required that '?' not be used in URL path part without escaping.
Apache, for example, separates the following URL:
/testing?foo=bar?&baz=3
into path part /testing and query string part foo=bar?&baz=3 but http.server does not.
----------
components: Library (Lib)
messages: 121877
nosy: v+python
priority: normal
severity: normal
status: open
title: http.server fails when query string contains addition '?' characters
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10485>
_______________________________________
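An added example, not part of the original report and not CPython's own code: it compares the last-'?' split the report describes with the first-'?' split it proposes, using urllib.parse.urlsplit as the reference. The function names are hypothetical, and every sample target except the one quoted in the report is constructed.

```python
from urllib.parse import urlsplit


def split_rfind(rest):
    """Split at the LAST '?', the behaviour the report describes in run_cgi."""
    i = rest.rfind('?')
    return (rest[:i], rest[i + 1:]) if i >= 0 else (rest, '')


def split_find(rest):
    """Split at the FIRST '?', the change the report proposes."""
    i = rest.find('?')
    return (rest[:i], rest[i + 1:]) if i >= 0 else (rest, '')


def reference_split(rest):
    """Path and query as the standard library's URL parser sees them."""
    parts = urlsplit(rest)
    return parts.path, parts.query


# Request targets: the first is quoted in the report, the rest are constructed.
SAMPLES = [
    "/testing?foo=bar?&baz=3",
    "/testing?foo=bar",
    "/testing",
    "/testing?",
    "/cgi-bin/app.py?next=/login?user=a",
]


def disagreements(splitter, samples=SAMPLES):
    """Return (target, got, expected) for each target the splitter gets wrong."""
    out = []
    for target in samples:
        got, expected = splitter(target), reference_split(target)
        if got != expected:
            out.append((target, got, expected))
    return out


if __name__ == "__main__":
    for name, fn in (("rfind", split_rfind), ("find", split_find)):
        print(name, "mismatches:")
        for target, got, expected in disagreements(fn):
            print("  %-40s got=%r expected=%r" % (target, got, expected))
```

With the last-'?' split, part of the query string ends up in the path, so a front-end server that splits at the first '?' and the CGI handler disagree about which resource is being requested.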