[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset 634fe6a90e0c by Martin Panter in branch '3.4': Issue #24657: Prevent CGIRequestHandler from collapsing the URL query https://hg.python.org/cpython/rev/634fe6a90e0c New changeset ba1e3c112e42 by Martin Panter in branch '3.5': Issues #25232, #24657:

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-03 Thread Roundup Robot
Roundup Robot added the comment: New changeset a4302005f9a2 by Martin Panter in branch '2.7': Issue #24657: Prevent CGIRequestHandler from collapsing the URL query https://hg.python.org/cpython/rev/a4302005f9a2 -- ___ Python tracker

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-03 Thread Martin Panter
Martin Panter added the comment: Thanks everyone for the reports and patches. There were a couple of subtle compatibility tweaks needed for the 3.4 and 2.7 branches, but I think I got them all. -- resolution: -> fixed status: open -> closed ___

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-03 Thread Martin Panter
Changes by Martin Panter : -- stage: commit review -> resolved ___ Python tracker ___

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-02 Thread Xiang Zhang
Xiang Zhang added the comment: Yes, there seems to still exist some defects not conforming to the specification. I would like to investigate it. Maybe I can propose a patch for it. -- ___ Python tracker

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-02 Thread Martin Panter
Changes by Martin Panter : -- assignee: -> martin.panter nosy: +berker.peksag stage: patch review -> commit review ___ Python tracker

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-10-01 Thread Martin Panter
Martin Panter added the comment: The patch looks like it will fix this particular bug without much negative impact. However there are plenty of other problems with this module’s URL handling, see Issue 14567. I think the translate_path(), _url_collapse_path(), is_cgi(), run_cgi(), etc

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-25 Thread Xiang Zhang
Xiang Zhang added the comment: The path with query component are unquoted entirely and then pass into _url_collapse_path. I think this behaviour is wrong and according to rfc3875 query component should be left encoded in QUERY_STRING. This patch seems to solve the problem. It passes the tests

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-25 Thread Martin Panter
Martin Panter added the comment: It would be good to have a regression test case for this one too. -- stage: needs patch -> patch review ___ Python tracker

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-25 Thread Xiang Zhang
Xiang Zhang added the comment: Add the testcase and use str.partition. -- Added file: http://bugs.python.org/file40585/cgihander.patch ___ Python tracker

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-23 Thread Xiang Zhang
Xiang Zhang added the comment: I think this is a bug. According to the rfcs, "/" is a reserved character in query component and continuous "/" in query component may be invalid and how to deal with it depends on the server. But encoded "/", %2F, acts as data and should be preserved. And

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-21 Thread takayuki
takayuki added the comment: This bug seems to remain in Python 3.5.0. How to reproduce: 1. Save the attached cgitest.py into cgi-bin directory and changed it to executable file by "chmod +x cgitest.py" 2. Run CGIHTTPRequestHandler [GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux Type "help",

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-09-21 Thread Martin Panter
Martin Panter added the comment: Yes it also seems to apply to Python 3. Perhaps you forgot your test script, so I made my own. After running python3 -m http.server --cgi The response from the following URL has no double slashes to be seen:

[issue24657] CGIHTTPServer module discard continuous '/' letters from params given by GET method.

2015-07-17 Thread takayuki
New submission from takayuki: I executed CGIHTTPServer and requested the following URI, http://localhost:8000/cgi-bin/test.py?k=aa%2F%2Fbb; to pass aa//bb as argument k, but test.py received aa/bb. I looked in CGIHTTPServer.py and found _url_collapse_path function discards continuous slash