[http://www.cherrypy.org/browser/trunk/cherrypy/wsgiserver/__init__.py?rev=2650#L566]
```python
566      # Unquote the path+params (e.g. "/this%20path" -> "/this path").
567      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
568      #
569      # But note that "...a URI must be separated into its components
570      # before the escaped characters within those components can be
571      # safely decoded." http://www.ietf.org/rfc/rfc2396.txt, sec 2.4.2
572      # Therefore, "/this%2Fpath" becomes "/this%2Fpath", not "/this/path".
573      try:
574          atoms = [unquote(x) for x in quoted_slash.split(path)]
575      except ValueError, ex:
576          self.simple_response("400 Bad Request", ex.args[0])
577          return
578      path = "%2F".join(atoms)
579      self.path = path
```
On line 574 the URL path is split on the encoded slash and every piece is unquoted; on line 578 the pieces are glued back together with "%2F" (the escaped form of the slash "/").

The problem is line 578. "%2F" is a quoted (escaped) token, so the URL path it is inserted into should itself be in quoted form; but every element of the atoms list has already been unquoted and is never re-quoted. The result is a path that is neither fully quoted nor fully unquoted: every other escape has been decoded, while slashes are left as "%2F". Unquoting the URL should be the application's responsibility. This bug gives an application a false sense of security during development, because every URL it receives from the development server still carries escapes; once it is deployed in production behind fcgi/mod_python, the URL it receives is the raw, already-unescaped one, and the application is caught unprepared.
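To make the behaviour concrete, here is an added example (not CherryPy's code) that reimplements the split/unquote/join of lines 574-578 in Python 3 and compares it with a single unquote of the whole path, i.e. the fully decoded form the post says a production fcgi/mod_python deployment hands the application. The `quoted_slash` regex is assumed to be a case-insensitive match on `%2F`, as in the CherryPy source of that era; the sample request paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed to match CherryPy's quoted_slash of that era: a case-insensitive
# match on the percent-encoded slash.
quoted_slash = re.compile("(?i)%2F")


def cherrypy_style_path(path):
    """Reimplementation of lines 574-578: split on %2F, unquote each piece,
    then glue the pieces back together with a literal "%2F"."""
    atoms = [unquote(x) for x in quoted_slash.split(path)]
    return "%2F".join(atoms)


def full_unquote(path):
    """Decode every escape in one pass, including %2F -> "/"."""
    return unquote(path)


def explain(path):
    """Return (server_result, fully_decoded, matches) for one raw request path."""
    served = cherrypy_style_path(path)
    decoded = full_unquote(path)
    return served, decoded, served == decoded


# Constructed sample request targets, not captured traffic.
SAMPLES = [
    "/this%20path",    # ordinary escape: decoded by both
    "/this%2Fpath",    # encoded slash: kept as %2F by the server
    "/this%2fpath",    # lowercase hex: normalised to uppercase %2F
    "/this%252Fpath",  # double-encoded slash: also ends up as %2F
]


def collisions(paths):
    """Group distinct raw paths that the server reduces to the same self.path."""
    seen = {}
    for p in paths:
        seen.setdefault(cherrypy_style_path(p), []).append(p)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for p in SAMPLES:
        served, decoded, same = explain(p)
        print("%-16s -> server %-16r fully decoded %-16r same=%s"
              % (p, served, decoded, same))
    print("collisions:", collisions(SAMPLES))
```

Besides the partially decoded path the post complains about, the join on line 578 also erases a distinction the client made: "%2F", "%2f" and "%252F" all reach `self.path` as the same string, so an application that later unquotes the path a second time cannot tell a double-encoded slash from a real one.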