[Python-checkins] gh-100474: Fix handling of dirs named index.html in http.server (GH-100475)

miss-islington webhook-mailer at python.org
Sat Dec 24 13:29:06 EST 2022 

https://github.com/python/cpython/commit/46e6a28308def2c3a71c679a6fa4ed7d520802b9
commit: 46e6a28308def2c3a71c679a6fa4ed7d520802b9
branch: main
author: James Frost <git at frost.cx>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-12-24T10:28:59-08:00
summary:

gh-100474: Fix handling of dirs named index.html in http.server (GH-100475)



If you had a directory called index.html or index.htm within a directory, it would cause http.server to return a 404 Not Found error instead of the directory listing. This came about due to not checking that the index was a regular file.

I have also added a test case for this situation.

Automerge-Triggered-By: GH:merwok

files:
A Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst
M Lib/http/server.py
M Lib/test/test_httpservers.py

diff --git a/Lib/http/server.py b/Lib/http/server.py
index 8acabff605e7..221c8be4ae4b 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -711,7 +711,7 @@ def send_head(self):
                 return None
             for index in self.index_pages:
                 index = os.path.join(path, index)
-                if os.path.exists(index):
+                if os.path.isfile(index):
                     path = index
                     break
             else:
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index ca078862cca6..cbcf94136ac4 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -489,6 +489,9 @@ def test_get(self):
         self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
         response = self.request('/' + 'ThisDoesNotExist' + '/')
         self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
+        os.makedirs(os.path.join(self.tempdir, 'spam', 'index.html'))
+        response = self.request(self.base_url + '/spam/')
+        self.check_status_and_reason(response, HTTPStatus.OK)
 
         data = b"Dummy index file\r\n"
         with open(os.path.join(self.tempdir_name, 'index.html'), 'wb') as f:
diff --git a/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst b/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst
new file mode 100644
index 000000000000..31abfb8b87fb
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst
@@ -0,0 +1,2 @@
+:mod:`http.server` now checks that an index page is actually a regular file before trying
+to serve it.  This avoids issues with directories named ``index.html``.

More information about the Python-checkins mailing list