[Web-SIG] urllib.unquote in paste.httpserver prevents slashes in path segments
Florian Friesdorf
flo at chaoflow.net
Fri Mar 18 10:42:04 CET 2011
On Fri, 18 Mar 2011 10:36:27 +0100, Florian Friesdorf <flo at chaoflow.net> wrote:
> On Thu, 17 Mar 2011 15:10:56 -0500, Ian Bicking <ianb at colorstudy.com> wrote:
> > It's implied by WSGI itself that the path be unquoted; there's no fix short
> > of changing the specification.
>
> What is WSGI's solution for path segments containing slashes?
Please ignore this post - mail client played tricks on me and I did not
see your further postings before writing this.
> > On Thu, Mar 17, 2011 at 1:10 PM, Florian Friesdorf <flo at chaoflow.net> wrote:
> >
> > >
> > > I think paste.httpserver.WSGIHandlerMixin.wsgi_setup should not
> > > urllib.unquote the path [1] before setting it in the wsgi environment
> > > [2]. The only pre-processing performed on the path between [1] and [2]
> > > is concerned with slashes '/'. By urllib.unquoting it is not possible to
> > > have urllib.quoted slashes within one path segment.
> > >
> > > At least pyramid without routing fully relies on
> > > ``environ['PATH_INFO']`` [3]; by commenting [1] I succeeded to have
> > > slashes in path segments, they are handle by pyramid in [4]f.
> > >
> > > However, webob.request.BaseRequest would need to be adjusted wherever
> > > PATH_INFO from the environment is used (e.g [5]).
> > >
> > > Reasoning: The path stored in environ['PATH_INFO'] is still a path,
> > > therefore it must not be urllib.unquoted, the unquoting must happen
> > > after the path is split up in segments ([4]).
> > >
> > > [1]
> > > https://bitbucket.org/ianb/paste/src/4f5cfde87603/paste/httpserver.py#cl-180
> > > [2]
> > > https://bitbucket.org/ianb/paste/src/4f5cfde87603/paste/httpserver.py#cl-217
> > > [3]
> > > https://github.com/Pylons/pyramid/blob/master/pyramid/traversal.py#L594
> > > [4]
> > > https://github.com/Pylons/pyramid/blob/master/pyramid/traversal.py#L495
> > > [5]
> > > https://bitbucket.org/ianb/webob/src/c0bb5309cfca/webob/request.py#cl-265
> > >
> > > --
> > > Florian Friesdorf <flo at chaoflow.net>
> > > GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
> > > Jabber/XMPP: flo at chaoflow.net
> > > IRC: chaoflow on freenode,ircnet,blafasel,OFTC
> > >
> > > _______________________________________________
> > > Web-SIG mailing list
> > > Web-SIG at python.org
> > > Web SIG: http://www.python.org/sigs/web-sig
> > > Unsubscribe:
> > > http://mail.python.org/mailman/options/web-sig/ianb%40colorstudy.com
> > >
> > >
> Non-text part: text/html
>
> --
> Florian Friesdorf <flo at chaoflow.net>
> GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
> Jabber/XMPP: flo at chaoflow.net
> IRC: chaoflow on freenode,ircnet,blafasel,OFTC
Non-text part: application/pgp-signature
--
Florian Friesdorf <flo at chaoflow.net>
GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
Jabber/XMPP: flo at chaoflow.net
IRC: chaoflow on freenode,ircnet,blafasel,OFTC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/web-sig/attachments/20110318/e16620d2/attachment.pgp>
More information about the Web-SIG
mailing list