Author jeff.allen
Recipients Claudiu.Popa, ezio.melotti, fwierzbicki, jeff.allen, orsenthil, r.david.murray, terry.reedy
Date 2014-03-04.23:51:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393977089.34.0.0764139163204.issue20155@psf.upfronthosting.co.za>
In-reply-to
Content
I worked out that the essence of the test is to insert an extra \n at the end of a GET request line. The request is syntactically invalid for HTTP. The \n\r\n appears like two blank lines, implying no headers, but the headers then follow where no data should be. The server is supposed to respond with status 501, because it does not, in fact, define a GET operation.

To find the replacement test plausible you have to accept that, with a server that doesn't define GET, the verb may as well be XYZBOGUS. Since the security filter doesn't understand that verb either (unlike GET), it doesn't interfere in the test.
History
Date User Action Args
2014-03-04 23:51:29jeff.allensetrecipients: + jeff.allen, terry.reedy, orsenthil, fwierzbicki, ezio.melotti, r.david.murray, Claudiu.Popa
2014-03-04 23:51:29jeff.allensetmessageid: <1393977089.34.0.0764139163204.issue20155@psf.upfronthosting.co.za>
2014-03-04 23:51:29jeff.allenlinkissue20155 messages
2014-03-04 23:51:28jeff.allencreate