Thank you. I emailed your patch to the author. I'd rather not mantain a fork, besides we are moving to Rocket web2 server in a couple of weeks.
Massimo On Feb 20, 11:47 pm, "Xie&Tian" <[email protected]> wrote: > In gluon/wsgiserver.py, web2py's development http server will split and > unquote url path, as in line 434: > > 426 > > 427 # Unquote the path+params (e.g. "/this%20path" -> "this path"). > 428 #http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2 > 429 # > 430 # But note that "...a URI must be separated into its components > 431 # before the escaped characters within those components can be > 432 # safely decoded."http://www.ietf.org/rfc/rfc2396.txt, sec > 2.4.2 > 433 try: > 434 atoms = [unquote(x) for x in quoted_slash.split(path)] > 435 except ValueError, ex: > 436 self.simple_response("400 Bad Request", ex.args[0]) > 437 return > 438 path = "%2F".join(atoms) > 439 environ["PATH_INFO"] = path > 440 > > the problem is that, in line 438, the path is reformed but every element in > atoms is unquoted, yet "%2F"("/") is still quoted. > > This will raise inconsistency issue when applications run under development > mode and production mode. Under development mode, your application will > received quoted url arguments, but under production mode, e.g. deployed with > fcgi, your application will receive unquoted url arguments. > > A small patch would fix this: > > Index: web2py-read-only/gluon/ > wsgiserver.py > =================================================================== > --- web2py-read-only/gluon/wsgiserver.py 2010-02-21 12:08:55.000000000 > +0800 > +++ web2py-read-only/gluon/wsgiserver.py 2010-02-21 > 12:22:47.000000000 +0800 > @@ -88,7 +88,7 @@ > import threading > import time > import traceback > -from urllib import unquote > +from urllib import quote, unquote > from urlparse import urlparse > import warnings > > @@ -434,7 +434,7 @@ > except ValueError, ex: > self.simple_response("400 Bad Request", ex.args[0]) > return > - path = "%2F".join(atoms) > + path = "%2F".join([quote(x) for x in atoms]) > environ["PATH_INFO"] = path > > # Note that, like wsgiref and most other WSGI servers, > > Best regards > > -- > Luyun Xie > 谢路云http://magefromhell.blogspot.com/ > (http://blog.hellmage.info/) > > web2py_urlpath_quote.patch > 1KViewDownload -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
