Glenn Linderman <v+pyt...@g.nevcal.com> added the comment: Another issue with the patch, is that it doesn't do .. and . collapsing on the PATH_INFO part of the path.
It is possible for a path like /cgi-bin/script.py/../../plain-file.html to be passed to the server. I guess the question is if it should serve plain-file.html or if it should pass "../../plain-file.html" to script.py as its PATH_INFO. I would think the former would be appropriate. I would have to do research to determine if some standard states otherwise. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10484> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com