#12464: Empty PATH_INFO causes blank SCRIPT_NAME
------------------------------------+---------------------------------------
Reporter: chrisw | Owner: wogan
Status: assigned | Milestone: 1.3
Component: HTTP handling | Version: SVN
Resolution: | Keywords:
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
------------------------------------+---------------------------------------
Comment (by grahamd):
The code as it is technically will also only work if there is at most one
internal redirect undertaken within Apache. In the case where there is
more than one, Apache will prefix environment variables with 'REDIRECT_'
at each iteration. This is where 'REDIRECT_SCRIPT_URL' comes from that
mod_rewrite code internally checks for. Thus a robust implementation, to
get hold of the very original URL should find the variant of SCRIPT_URL
with the longest sequence of 'REDIRECT_' prefixes. Ie.,
'REDIRECT_REDIRECT_SCRIPT_URL' takes precedence over 'REDIRECT_SCRIPT_URL'
takes precedence of 'SCRIPT_URL'.
A further case which presents a problem and where the code may not work is
when an internal redirect is performed, it is possible that PATH_INFO from
the parent isn't simply passed through but is modified in the process.
This could result in the final PATH_INFO not even matching what is present
in tail of 'SCRIPT_URL' and so simply dropping off 'SCRIPT_URL' the number
of characters present in 'PATH_INFO' may give incorrect results.
Take for example the convoluted example:
{{{
WSGIScriptAlias /myapp
/Library/WebServer/Sites/hello-1/htdocs/environ.wsgi
RewriteEngine On
RewriteRule ^/welcome(/.*)$ /myapp/about/$1 [QSA,PT,L]
}}}
The variables which go through to the app are:
{{{
PATH_INFO: '/about/index'
QUERY_STRING: ''
REQUEST_URI: '/welcome/index'
SCRIPT_FILENAME: '/Library/WebServer/Sites/hello-1/htdocs/environ.wsgi'
SCRIPT_NAME: '/myapp'
SCRIPT_URI: 'http://hello-1.example.com/welcome/index'
SCRIPT_URL: '/welcome/index'
}}}
For code:
{{{
script_url = environ.get('SCRIPT_URL', u'')
if not script_url:
script_url = environ.get('REDIRECT_URL', u'')
if script_url:
return force_unicode(script_url[:-len(environ.get('PATH_INFO',
''))])
}}}
Pass this through the current algorithm and you get:
{{{
>>> '/welcome/index'[:-len('/about/index')]
'/w'
}}}
which isn't right.
It is because of this latter issue that mod_wsgi hasn't in the past tried
to do fixups to SCRIPT_NAME on internal redirects in Apache, as it can't
know exactly what the nature of any URL manipulations are. This is why
manual fixups in the WSGi script file have been suggested, where people
can tailor it the specifics of the sort of redirect performed. Thus any
automatic fixup in Apache/mod_wsgi seems unlikely.
--
Ticket URL: <http://code.djangoproject.com/ticket/12464#comment:10>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
