Ticket #815 (defect)
Opened 7 months ago
Last modified 6 months ago
cherrypy doesn't handle case where URL path contains multiple slashes
Status: assigned
| Reported by: | guest | Assigned to: | fumanchu (accepted) |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.1 |
| Component: | wsgiserver | Keywords: | |
| Cc: |
If you feed something like
GET //status/Status/ HTTP/1.1
cherrypy will treat status as hostname and Status as path.
As a result links like http://localhost//status/Status/ will produce 404.
Attachments
Change History
05/19/08 09:50:35: Modified by guest
- attachment url.fix.patch added.
05/19/08 09:51:37: Modified by guest
05/25/08 18:52:36: Modified by fumanchu
- status changed from new to assigned.
- component changed from CherryPy code to wsgiserver.
- description changed.
- milestone set to 3.1.
Just to be sure, I perused the BNF-like grammar for HTTP:
Request-URI = "*" | absoluteURI | abs_path | authority abs_path = "/" path_segments path_segments = segment *( "/" segment ) segment = *pchar *( ";" param )
So, although the abs_path style of Request-URI must contain at least one segment, that segment or any other may be zero pchars.
IMO the wsgiserver should not silently translate initial // to /; instead, it should pass the path along unmolested. Application developers who choose to treat the former as a synonym for the latter should re-route it in their applications, not at the HTTP server level.
06/07/08 14:11:28: Modified by fumanchu
Lots of work done in a branch in [1977]. The crux of the matter is that most of Python's URL-handling functions are designed to operate on the full set of URI's, which can be ambiguous. HTTP's Request-URI, however, is an unambiguous subset of URI's, and needs a different set of functions to work correctly and optimally. See the wsgiserver changeset for lots more details.
I've attached the patch(url.fix.patch) that fixes this bug.