#15718: Django unquotes urls and not able to distinguish %2F and /
----------------------------------------------+---------------------------
Reporter: fed239 | Owner: nobody
Status: new | Milestone:
Component: Core (Other) | Version: 1.2
Keywords: urls, url resolver, unquote, %2F | Triage Stage: Unreviewed
Has patch: 0 |
----------------------------------------------+---------------------------
I've found that in basehttp.py there is a line
{{{
env['PATH_INFO'] = urllib.unquote(path)
}}}
It replaces all URL-escaped symbols with original symbols. This leads to a
situation that you can not properly handle urls with quoted symbols in
your urls.py. For example url http://example.com/blah%2Fblah%2Fblah/ will
be matched by regexp ^/(\w+)/(\w+)/(\w+)/$
Under apache with mod_wsgi this seems to lead to even more interesting
problem. When %2F is present in URL, request is not handled by django and
user gets 404 error directly from apache. Try
http://www.djangoproject.com/%2F
--
Ticket URL: <http://code.djangoproject.com/ticket/15718>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
