[New-bugs-announce] [issue10485] http.server fails when query string contains addition '?' characters
report at bugs.python.org
Sun Nov 21 08:38:14 CET 2010
New submission from Glenn Linderman <v+python at g.nevcal.com>:
http.server on Python 3 and CGIHTTPServer on Python 2 both contain the same code with the same bug. In run_cgi, rest.rfind('?') is used to separate the path from the query string. However, it should be rest.find('?') as the query string starts with '?' but may also contain '?'. It is required that '?' not be used in URL path part without escaping.
Apache, for example, separates the following URL:
into path part /testing and query string part foo=bar?&baz=3 but http.server does not.
components: Library (Lib)
title: http.server fails when query string contains addition '?' characters
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce