Message 157979 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	orsenthil
Recipients	Giovanni.Funchal, facundobatista, fdrake, orsenthil, python-dev, v+python
Date	2012-04-10.19:35:27
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1334086528.33.0.596599202445.issue10484@psf.upfronthosting.co.za>
In-reply-to

Content
I had to carefully review a lot of changes for this. In addition, I did setup a apache and tested the behaviors too. Few notes - - The test for _url_collapse_path_split is not directly helpful, especially for PATH_INFO. I removed my previous changes I had made as I think, it is a mistake to test PATH_INFO in there. - There is not a test for path_info, it should be added. I could test only on local apache setup. - Coming the changes itself, the previous _url_collapse_path_split was just fine for what it is supposed to do. Return head and tail for certain definitions of parsing (removing . and .. and tail is last part and rest is head). - I incorporated Glenn Linderman logic in is_cgi to have explicit head and tail. Glenn's comment and cgi directories could overridden is important and in that ascept the previous commit had to be changed. I also looked at changes in the patches contained in issue 13893, but I found that those broke behavior or exhibited the security issue again. taking care of all these, I have the made the changes to the cgi module and also verified pratically that PATH_INFO is indeed sent correctly. Ran python -m CGIHttpServer and placed cgi-bin/file1.py and sent some requests to verify PATH_INFO. The values were proper. With this, I think this issue can be closed. The rest of the cgi changes can be handled in their respective issues. A test to PATH_INFO could just be added.

I had to carefully review a lot of changes for this. In addition, I did setup a apache and tested the behaviors too. 

Few notes - 
-  The test for _url_collapse_path_split is not directly helpful, especially for PATH_INFO. I removed my previous changes I had made as I think, it is a mistake to test PATH_INFO in there.
- There is not a test for path_info, it should be added. I could test only on local apache setup.
- Coming the changes itself, the previous _url_collapse_path_split was just fine for what it is supposed to do. Return head and tail for certain definitions of parsing (removing . and .. and tail is last part and rest is head).
- I incorporated Glenn Linderman logic in is_cgi to have explicit head and tail. Glenn's comment and cgi directories could overridden is important and in that ascept the previous commit had to be changed. I also looked at changes in the patches contained in issue 13893, but I found that those broke behavior or exhibited the security issue again.

taking care of all these, I have the made the changes to the cgi module and also verified pratically that PATH_INFO is indeed sent correctly. 

Ran python -m CGIHttpServer and placed cgi-bin/file1.py  and sent some requests to verify PATH_INFO. The values were proper.

With this, I think this issue can be closed. The rest of the cgi changes can be handled in their respective issues. A test to PATH_INFO could just be added.

History
Date	User	Action	Args
2012-04-10 19:35:28	orsenthil	set	recipients: + orsenthil, fdrake, facundobatista, v+python, python-dev, Giovanni.Funchal
2012-04-10 19:35:28	orsenthil	set	messageid: <1334086528.33.0.596599202445.issue10484@psf.upfronthosting.co.za>
2012-04-10 19:35:27	orsenthil	link	issue10484 messages
2012-04-10 19:35:27	orsenthil	create