[issue2254] Python CGIHTTPServer information disclosure

2009-04-05 Thread Gregory P. Smith
Gregory P. Smith added the comment: Fixed in trunk r71303. This potentially changes the behavior of CGIHTTPServer (for the better) so this is probably not appropriate to backport to a release branch unless someone really considers the security of this to be severe. If backported, the new modul

[issue2254] Python CGIHTTPServer information disclosure

2009-04-05 Thread Gregory P. Smith
Changes by Gregory P. Smith : Removed file: http://bugs.python.org/file9628/CGIHTTPServer_is_cgi_fix.diff ___ Python tracker ___ ___ Python-bug

[issue2254] Python CGIHTTPServer information disclosure

2009-04-05 Thread Gregory P. Smith
Gregory P. Smith added the comment: fyi - Your patch does not work on windows as it uses os.path for uri manipulation. that means it behaves differently with regards to / and \ based on platform. I'm making a new one. I've written a unittest. should be fixed soon. -- __

[issue2254] Python CGIHTTPServer information disclosure

2008-05-25 Thread Gregory P. Smith
Gregory P. Smith <[EMAIL PROTECTED]> added the comment: Could you please create a test case for this as a patch to Lib/test/test_httpservers.py? thanks! -- assignee: -> gregory.p.smith nosy: +gregory.p.smith priority: -> normal __ Tracker <[EMAIL PROTE

[issue2254] Python CGIHTTPServer information disclosure

2008-03-07 Thread Guilherme Polo
Guilherme Polo added the comment: This corrects is_cgi docstring (maybe this should be done in a new issue?). It also removes a part of it that I believe to not be necessary, someone correct me if I'm wrong. Added file: http://bugs.python.org/file9632/CGIHTTPServer_is_cgi_doc_fix.diff _

[issue2254] Python CGIHTTPServer information disclosure

2008-03-07 Thread Guilherme Polo
Guilherme Polo added the comment: oops, I was doing some tests in the last patch and left a bug in it. I'm attaching a new one. Added file: http://bugs.python.org/file9629/CGIHTTPServer_is_cgi_fix2.diff __ Tracker <[EMAIL PROTECTED]>

[issue2254] Python CGIHTTPServer information disclosure

2008-03-07 Thread Guilherme Polo
Guilherme Polo added the comment: I'm attaching a patch that fixes this, it was done for rev 61179 (trunk). Note that is_cgi method is incorrectly documented, even more now. Only the first line in its docstring is correct now, before this patch, last paragraph was correct too. -- keywor

[issue2254] Python CGIHTTPServer information disclosure

2008-03-07 Thread sumar
New submission from sumar: Summary: An information disclosure flaw exists in standard python CGIHTTPServer module. Bug is confirmed in