Message157979
I had to carefully review a lot of changes for this. In addition, I did setup a apache and tested the behaviors too.
Few notes -
- The test for _url_collapse_path_split is not directly helpful, especially for PATH_INFO. I removed my previous changes I had made as I think, it is a mistake to test PATH_INFO in there.
- There is not a test for path_info, it should be added. I could test only on local apache setup.
- Coming the changes itself, the previous _url_collapse_path_split was just fine for what it is supposed to do. Return head and tail for certain definitions of parsing (removing . and .. and tail is last part and rest is head).
- I incorporated Glenn Linderman logic in is_cgi to have explicit head and tail. Glenn's comment and cgi directories could overridden is important and in that ascept the previous commit had to be changed. I also looked at changes in the patches contained in issue 13893, but I found that those broke behavior or exhibited the security issue again.
taking care of all these, I have the made the changes to the cgi module and also verified pratically that PATH_INFO is indeed sent correctly.
Ran python -m CGIHttpServer and placed cgi-bin/file1.py and sent some requests to verify PATH_INFO. The values were proper.
With this, I think this issue can be closed. The rest of the cgi changes can be handled in their respective issues. A test to PATH_INFO could just be added. |
|
Date |
User |
Action |
Args |
2012-04-10 19:35:28 | orsenthil | set | recipients:
+ orsenthil, fdrake, facundobatista, v+python, python-dev, Giovanni.Funchal |
2012-04-10 19:35:28 | orsenthil | set | messageid: <1334086528.33.0.596599202445.issue10484@psf.upfronthosting.co.za> |
2012-04-10 19:35:27 | orsenthil | link | issue10484 messages |
2012-04-10 19:35:27 | orsenthil | create | |
|