In gluon/wsgiserver.py, web2py's development http server will split and
unquote url path, as in line 434:
426
427 # Unquote the path+params (e.g. "/this%20path" -> "this path").
428 #
http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
429 #
430 # But note that "...a URI must be separated into its components
431 # before the escaped characters within those components can be
432 # safely decoded." http://www.ietf.org/rfc/rfc2396.txt, sec
2.4.2
433 try:
434 atoms = [unquote(x) for x in quoted_slash.split(path)]
435 except ValueError, ex:
436 self.simple_response("400 Bad Request", ex.args[0])
437 return
438 path = "%2F".join(atoms)
439 environ["PATH_INFO"] = path
440
the problem is that, in line 438, the path is reformed but every element in
atoms is unquoted, yet "%2F"("/") is still quoted.
This will raise inconsistency issue when applications run under development
mode and production mode. Under development mode, your application will
received quoted url arguments, but under production mode, e.g. deployed with
fcgi, your application will receive unquoted url arguments.
A small patch would fix this:
Index: web2py-read-only/gluon/
wsgiserver.py
===================================================================
--- web2py-read-only/gluon/wsgiserver.py 2010-02-21 12:08:55.000000000
+0800
+++ web2py-read-only/gluon/wsgiserver.py 2010-02-21
12:22:47.000000000 +0800
@@ -88,7 +88,7 @@
import threading
import time
import traceback
-from urllib import unquote
+from urllib import quote, unquote
from urlparse import urlparse
import warnings
@@ -434,7 +434,7 @@
except ValueError, ex:
self.simple_response("400 Bad Request", ex.args[0])
return
- path = "%2F".join(atoms)
+ path = "%2F".join([quote(x) for x in atoms])
environ["PATH_INFO"] = path
# Note that, like wsgiref and most other WSGI servers,
Best regards
--
Luyun Xie
谢路云
http://magefromhell.blogspot.com/
(http://blog.hellmage.info/)
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
Index: web2py-read-only/gluon/
wsgiserver.py
===================================================================
--- web2py-read-only/gluon/wsgiserver.py 2010-02-21 12:08:55.000000000 +0800
+++ web2py-read-only/gluon/wsgiserver.py 2010-02-21 12:22:47.000000000 +0800
@@ -88,7 +88,7 @@
import threading
import time
import traceback
-from urllib import unquote
+from urllib import quote, unquote
from urlparse import urlparse
import warnings
@@ -434,7 +434,7 @@
except ValueError, ex:
self.simple_response("400 Bad Request", ex.args[0])
return
- path = "%2F".join(atoms)
+ path = "%2F".join([quote(x) for x in atoms])
environ["PATH_INFO"] = path
# Note that, like wsgiref and most other WSGI servers,
