merge 3.2 (#21766)
This commit is contained in:
commit
6cd1954c5c
|
@ -971,7 +971,7 @@ class CGIHTTPRequestHandler(SimpleHTTPRequestHandler):
|
|||
(and the next character is a '/' or the end of the string).
|
||||
|
||||
"""
|
||||
collapsed_path = _url_collapse_path(self.path)
|
||||
collapsed_path = _url_collapse_path(urllib.parse.unquote(self.path))
|
||||
dir_sep = collapsed_path.find('/', 1)
|
||||
head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]
|
||||
if head in self.cgi_directories:
|
||||
|
|
|
@ -464,6 +464,11 @@ class CGIHTTPServerTestCase(BaseTestCase):
|
|||
(res.read(), res.getheader('Content-type'), res.status))
|
||||
self.assertEqual(os.environ['SERVER_SOFTWARE'], signature)
|
||||
|
||||
def test_urlquote_decoding_in_cgi_check(self):
|
||||
res = self.request('/cgi-bin%2ffile1.py')
|
||||
self.assertEqual((b'Hello World\n', 'text/html', 200),
|
||||
(res.read(), res.getheader('Content-type'), res.status))
|
||||
|
||||
|
||||
class SocketlessRequestHandler(SimpleHTTPRequestHandler):
|
||||
def __init__(self):
|
||||
|
|
|
@ -13,6 +13,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
|
||||
before checking for a CGI script at that path.
|
||||
|
||||
- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second
|
||||
parameter. Bug reported by Guido Vranken.
|
||||
|
||||
|
|
Loading…
Reference in New Issue