On Oct 10, 2007, at 10:57 AM, Maas-Maarten Zeeman wrote:
Hello David,
Would this patch (in web.py) work as well?
if (env.get('SCRIPT_NAME') and
- env.get('SCRIPT_NAME') == env.get('REQUEST_URI') and
env.get('SCRIPT_NAME').startswith(self.script_name) and
env.get('PATH_INFO') is None):
# This looks like it is coming through mod_scgi and
# needs repair.
env['PATH_INFO'] = env['SCRIPT_NAME'][len
(self.script_name):]
env['SCRIPT_NAME'] = self.script_name
- assert env['SCRIPT_NAME'] + env['PATH_INFO'] == env
['REQUEST_URI']
No this will not work. For some reason apache + mod_ssl (checked
2.0 and 2.2) returns the SCRIPT_NAME unquoted, and the REQUEST_URI
quoted (as it was received). Example::
When a browser visits: http://www.some.site.com/url%31, apache +
mod_ssl will set the SCRIPT_NAME to http://www.some.site.com/url1
and REQUEST_URI to http://www.some.site.com/url%31. This differs,
so the repair will not be made. In that case the PATH_INFO will be
empty, so you will get the index page of your site. Thats why I
unqoted before checking.
Did you notice the "-" signs o the lines above? The patch removes
those lines so that the REQUEST_URI is not involved at all in
this environment hacking.
_______________________________________________
QP mailing list
[email protected]
http://mail.mems-exchange.org/mailman/listinfo/qp
