In gluon/wsgiserver.py, web2py's development HTTP server will split and
unquote the URL path, as in line 434:

426
427          # Unquote the path+params (e.g. "/this%20path" -> "this path").
428          # http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
429          #
430          # But note that "...a URI must be separated into its components
431          # before the escaped characters within those components can be
432          # safely decoded." http://www.ietf.org/rfc/rfc2396.txt, sec 2.4.2
433          try:
434              atoms = [unquote(x) for x in quoted_slash.split(path)]
435          except ValueError, ex:
436              self.simple_response("400 Bad Request", ex.args[0])
437              return
438          path = "%2F".join(atoms)
439          environ["PATH_INFO"] = path
440

The problem is that, in line 438, the path is re-formed but every element in
atoms is unquoted, yet "%2F" ("/") is still quoted.

This will raise an inconsistency issue when applications run under development
mode and production mode. Under development mode, your application will
receive quoted URL arguments, but under production mode, e.g. deployed with
fcgi, your application will receive unquoted URL arguments.

A small patch would fix this:

Index: web2py-read-only/gluon/
wsgiserver.py
===================================================================
--- web2py-read-only/gluon/wsgiserver.py   2010-02-21 12:08:55.000000000
+0800
+++ web2py-read-only/gluon/wsgiserver.py        2010-02-21
12:22:47.000000000 +0800
@@ -88,7 +88,7 @@
 import threading
 import time
 import traceback
-from urllib import unquote
+from urllib import quote, unquote
 from urlparse import urlparse
 import warnings

@@ -434,7 +434,7 @@
         except ValueError, ex:
             self.simple_response("400 Bad Request", ex.args[0])
             return
-        path = "%2F".join(atoms)
+        path = "%2F".join([quote(x) for x in atoms])
         environ["PATH_INFO"] = path

         # Note that, like wsgiref and most other WSGI servers,
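Review bot: at `path = "%2F".join([quote(x) for x in atoms])`, re-quoting every atom undoes the unquote() applied when atoms is built, so PATH_INFO ends up fully percent-encoded, which moves the development server further from the unquoted arguments the message says an fcgi deployment delivers. quote() is also not the inverse of unquote(): with its default safe set, a character the client sent literally, such as "@" or ":", comes back percent-encoded, so the result is not the original request path either. If the aim is to match production, consider leaving the atoms decoded and deciding explicitly how the "%2F" separator is presented to the application, and record that choice in a comment.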


Best regards

-- 
Luyun Xie
谢路云
http://magefromhell.blogspot.com/
(http://blog.hellmage.info/)
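
The three behaviours discussed in this message, side by side, as an added example that is not part of the original message or of web2py. It is written for Python 3 (urllib.parse) rather than the Python 2 shown above, assumes quoted_slash is a case-insensitive regex for "%2F", and uses path_info_fully_unquoted as a hypothetical stand-in for a front end that hands the application a fully decoded path.

```python
# Added example (Python 3, urllib.parse); the code on this page is Python 2.
import re
from urllib.parse import quote, unquote

# Assumption: quoted_slash matches an encoded slash, case-insensitively.
quoted_slash = re.compile(r"(?i)%2F")


def path_info_original(path):
    """Lines 434-438 as shown: unquote each atom, rejoin with '%2F'."""
    atoms = [unquote(x) for x in quoted_slash.split(path)]
    return "%2F".join(atoms)


def path_info_patched(path):
    """The proposed patch: re-quote each atom before rejoining."""
    atoms = [unquote(x) for x in quoted_slash.split(path)]
    return "%2F".join([quote(x) for x in atoms])


def path_info_fully_unquoted(path):
    """Hypothetical front end that decodes the whole path in one pass."""
    return unquote(path)


def compare(path):
    """Return the three PATH_INFO values for one raw request path."""
    return {
        "original": path_info_original(path),
        "patched": path_info_patched(path),
        "unquoted": path_info_fully_unquoted(path),
    }


# Constructed sample request paths.
SAMPLES = [
    "/app/default/show/a%20b",      # encoded space only
    "/app/default/show/a%2Fb%20c",  # encoded slash and encoded space
    "/app/default/show/user@host",  # literal '@' sent unencoded
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw)
        for name, value in compare(raw).items():
            print("  %-9s %s" % (name, value))
```

An application that routes or authorizes on PATH_INFO can run its own test paths through compare() to see where the three front ends would disagree.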


Index: web2py-read-only/gluon/
wsgiserver.py
===================================================================
--- web2py-read-only/gluon/wsgiserver.py   2010-02-21 12:08:55.000000000 +0800
+++ web2py-read-only/gluon/wsgiserver.py   2010-02-21 12:22:47.000000000 +0800
@@ -88,7 +88,7 @@
 import threading
 import time
 import traceback
-from urllib import unquote
+from urllib import quote, unquote
 from urlparse import urlparse
 import warnings

@@ -434,7 +434,7 @@
         except ValueError, ex:
         self.simple_response("400 Bad Request", ex.args[0])
             return
-        path = "%2F".join(atoms)
+        path = "%2F".join([quote(x) for x in atoms])
         environ["PATH_INFO"] = path

         # Note that, like wsgiref and most other WSGI servers,
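Review bot: the comment block above this assignment still reads "Unquote the path+params", but after `path = "%2F".join([quote(x) for x in atoms])` the value stored in environ["PATH_INFO"] is quoted again. Update that comment to state which encoding applications should expect in PATH_INFO, so callers know whether they have to decode it themselves.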
