[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows
Philipp Hagemeister
report at bugs.python.org
Mon Mar 28 15:59:51 EDT 2016
Philipp Hagemeister added the comment:
Please find attached a patch which adds a testcase for Windows (on all platforms) as well as code to fix the problem. Since os.path.split returns everything after the final slash/backslash, it only needs to be called once.
Note that the usage of posixpath is correct and only relates to the URL parsing - it powers foo/bar/../../ .
The path elements may indeed contain backslashes - that's why we call os.path.split on them.
----------
keywords: +patch
nosy: +phihag
Added file: http://bugs.python.org/file42318/fix-path-traversal-26657.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26657>
_______________________________________
More information about the Python-bugs-list
mailing list