Message 251479 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xiang.zhang
Recipients	martin.panter, takayuki, xiang.zhang
Date	2015-09-24.03:03:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1443063786.17.0.351119792753.issue24657@psf.upfronthosting.co.za>
In-reply-to

Content
I think this is a bug. According to the rfcs, "/" is a reserved character in query component and continuous "/" in query component may be invalid and how to deal with it depends on the server. But encoded "/", %2F, acts as data and should be preserved. And from rfc3875, QUERY_STRING must be passed encoded. I tested in apache2.4 with martin's script, query string is: ('QUERY_STRING', 'k=aa%2F%2Fbb&//q//p//=//a//b//') In python's CGI server, it is: ('QUERY_STRING', 'k=aa/bb&/q/p/=/a/b/'),

I think this is a bug. 

According to the rfcs, "/" is a reserved character in query component and continuous "/" in query component may be invalid and how to deal with it depends on the server. But encoded "/", %2F, acts as data and should be preserved. And from rfc3875, QUERY_STRING must be passed encoded.

I tested in apache2.4 with martin's script, query string is:

('QUERY_STRING', 'k=aa%2F%2Fbb&//q//p//=//a//b//')

In python's CGI server, it is:

('QUERY_STRING', 'k=aa/bb&/q/p/=/a/b/'),

History
Date	User	Action	Args
2015-09-24 03:03:06	xiang.zhang	set	recipients: + xiang.zhang, takayuki, martin.panter
2015-09-24 03:03:06	xiang.zhang	set	messageid: <1443063786.17.0.351119792753.issue24657@psf.upfronthosting.co.za>
2015-09-24 03:03:06	xiang.zhang	link	issue24657 messages
2015-09-24 03:03:05	xiang.zhang	create