New submission from Brandon Bloom <[EMAIL PROTECTED]>:
I have a package with a module called "email". If I try to use the
standard email package, it fails to load email.Utils because
email.LazyImporter is looking in my email module instead of the top-
lev
New submission from Brandon Bloom :
This issue came up while doing Google App Engine development. Apparently
the default wsgi handler logic is to cache os.environ into os_environ at
import time. This is reasonable behavior for wsgi, but when using cgi,
this is a serious security hole which
Brandon Bloom added the comment:
> That is, in a true CGI environment, there can't be *multiple* requests
> made to CGIHandler, and so it can't leak. In "normal" (i.e. pre-GAE)
> long-running web environments, os.environ would not contain any request
> infor
Brandon Bloom added the comment:
> Hm. In retrospect, CGIHandler should probably just set os_environ to an
> empty dictionary in its class body (thereby not using the cached
> environ), and this would then work correctly for repeated uses.
>
> This would be a clean bugfix and
