This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: CGIRequestHandler behave incorrectly with query component consisting mutliple ?
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.6, Python 3.4, Python 3.5, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: martin.panter Nosy List: berker.peksag, martin.panter, python-dev, xiang.zhang
Priority: normal Keywords: patch

Created on 2015-09-25 15:44 by xiang.zhang, last changed 2022-04-11 14:58 by admin. This issue is now closed.

File name Uploaded Description Edit
multiple?.diff xiang.zhang, 2015-09-25 15:44 Fix CGIRequestHandler about multiple ? query component review
multiple?.patch xiang.zhang, 2015-09-26 03:34 Add a testcase and use partition review
Messages (6)
msg251586 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2015-09-25 15:44
According to rfc3986, section 3.4:

 The query component is indicated by the first question
 mark ("?") character and terminated by a number sign ("#") character
 or by the end of the URI.

 The characters slash ("/") and question mark ("?") may represent data
 within the query component.

But for CGIRequestHandler, it uses the content after the last ? as
query component. For uri http://localhost:8000/cgi-bin/test.py?a=b?c=d,
the QUERY_STRING is c=d.
msg251617 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-09-25 22:07
Thanks for the report and patch. Would you be interested in making a new regression test for this bug?

While we are fixing this code, we might as well simplify that whole “if” block to

[rest, query] = rest.partition("?")
msg251632 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2015-09-26 03:34
I add a testcase but I worry it's not in the right format. Please review it. Partition is a good choice here.
msg252081 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2015-10-02 03:25
The test case looks okay to me. IMO using numbers for variable names (cgi_file4 etc) is a terrible idea, but I understand you are just conforming to the existing code :)
msg252195 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-10-03 06:44
New changeset 969afbf501af by Martin Panter in branch '3.4':
Issue #25232: Fix CGIRequestHandler's splitting of URL query

New changeset ba1e3c112e42 by Martin Panter in branch '3.5':
Issues #25232, #24657: Merge two CGI server fixes from 3.4 into 3.5

New changeset 88918f2a54df by Martin Panter in branch '3.5':
Issues #25232, #24657: Use new enum status to match rest of tests

New changeset 0f03023d4318 by Martin Panter in branch 'default':
Issues #25232, #24657: Merge two CGI server fixes from 3.5

New changeset 3c006ee38287 by Martin Panter in branch 'default':
Issues #25232, #24657: Add NEWS to 3.6.0a1 section
msg252197 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-10-03 07:27
New changeset b12b30dc8617 by Martin Panter in branch '2.7':
Issue #25232: Fix CGIRequestHandler's splitting of URL query
Date User Action Args
2022-04-11 14:58:21adminsetgithub: 69419
2015-10-03 07:40:56martin.pantersetstatus: open -> closed
resolution: fixed
stage: commit review -> resolved
2015-10-03 07:27:40python-devsetmessages: + msg252197
2015-10-03 06:44:36python-devsetnosy: + python-dev
messages: + msg252195
2015-10-03 05:27:13martin.pantersetassignee: martin.panter

nosy: + berker.peksag
stage: patch review -> commit review
2015-10-02 03:25:51martin.pantersetmessages: + msg252081
2015-10-01 22:41:14martin.panterlinkissue10485 superseder
2015-09-26 03:34:04xiang.zhangsetfiles: + multiple?.patch

messages: + msg251632
2015-09-25 22:07:06martin.pantersetversions: + Python 2.7, Python 3.4, Python 3.5
nosy: + martin.panter

messages: + msg251617

components: + Library (Lib)
stage: patch review
2015-09-25 15:45:15xiang.zhangsettype: behavior
versions: + Python 3.6
2015-09-25 15:44:41xiang.zhangcreate