Skip to content

bpo-38863: Improve is_cgi() in http.server #17312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 22, 2019
Merged

bpo-38863: Improve is_cgi() in http.server #17312

merged 1 commit into from
Nov 22, 2019

Conversation

kkangshawn
Copy link
Contributor

@kkangshawn kkangshawn commented Nov 21, 2019
edited by miss-islington
Loading

is_cgi() function of http.server library does not currently handle a
cgi script if one of the cgi_directories is located at the
sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler
class separates given path into (dir, rest) based on the first seen
'/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided
into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub'
exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
This patch makes the is_cgi() keep expanding dir part to the next '/'
then checking if that expanded path exists in the cgi_directories.

Signed-off-by: Siwon Kang [email protected]

https://bugs.python.org/issue38863

Automerge-Triggered-By: @asvetlov

corona10
corona10 reviewed Nov 21, 2019
View reviewed changes
Copy link
Member

@corona10 corona10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I now understood what you want to say.
Can you please write the unit test for this?
You can easily provide the test case within inherit CGIHTTPRequestHandler

corona10
corona10 requested changes Nov 21, 2019
View reviewed changes
Copy link
Member

@corona10 corona10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a news for changing.
You can follow the below guide.
https://devguide.python.org/committing/#what-s-new-and-news-entries

Thank you for the contribution

corona10
corona10 reviewed Nov 21, 2019
View reviewed changes
@corona10 corona10 requested review from vadmium and asvetlov November 21, 2019 07:21
@corona10
Copy link
Member

@asvetlov @vadmium,

Dear core developers,

@kkangshawn is a first-time contributor to this project.
Please guide for his first PR :)

Thanks for your understanding.

@corona10 corona10 added the type-bug An unexpected behavior, bug, or error label Nov 21, 2019
corona10
corona10 requested changes Nov 21, 2019
View reviewed changes
@kkangshawn
bpo-38863: Improve is_cgi() in http.server
3cb0503 
is_cgi() function of http.server library does not currently handle a
cgi script if one of the cgi_directories is located at the
sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler
class separates given path into (dir, rest) based on the first seen
'/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided
into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub'
exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
This patch makes the is_cgi() keep expanding dir part to the next '/'
then checking if that expanded path exists in the cgi_directories.

Signed-off-by: Siwon Kang <[email protected]>
@corona10 corona10 requested a review from ethanfurman November 22, 2019 07:19
corona10
corona10 approved these changes Nov 22, 2019
View reviewed changes
Copy link
Member

@corona10 corona10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am okay with the current change, but the final decision will be decided by core developers.
In case, you should discuss the change will be applied or not on https://bugs.python.org/issue38863

I add the @ethanfurman as the cgi expert.

@kkangshawn
Copy link
Contributor Author

Thank you @corona10 for everything you have helped me on my first contribution to the python project! I expect to see you next :)

@miss-islington miss-islington merged commit 91daa9d into python:master Nov 22, 2019
@asvetlov
Copy link
Contributor

asvetlov commented Nov 22, 2019
edited
Loading

Thanks for your contribution.
Since the PR is an enhancement it should be applied to the next Python.
We have the policy to backport bug fixes only.

@corona10 corona10 added type-feature A feature request or enhancement and removed type-bug An unexpected behavior, bug, or error labels Nov 22, 2019
@kkangshawn
Copy link
Contributor Author

I get it. Thank you @asvetlov for the review!

@pablogsal
Copy link
Member

pablogsal commented Dec 3, 2019
edited
Loading

This pull request introduced a reference leak in test_httpservers. lease, check out https://bugs.python.org/issue38962 or the refleak buildbots for more info.

Reverting commit 91daa9d fixes the problem.

I opened #17454 to fix the issue

jacobneiltaylor pushed a commit to jacobneiltaylor/cpython that referenced this pull request Dec 5, 2019
@kkangshawn
bpo-38863: Improve is_cgi() in http.server (pythonGH-17312)
8b37f0b 
is_cgi() function of http.server library does not currently handle a
cgi script if one of the cgi_directories is located at the
sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler
class separates given path into (dir, rest) based on the first seen
'/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided
into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub'
exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
This patch makes the is_cgi() keep expanding dir part to the next '/'
then checking if that expanded path exists in the cgi_directories.

Signed-off-by: Siwon Kang <[email protected]>





https://bugs.python.org/issue38863
shihai1991 pushed a commit to shihai1991/cpython that referenced this pull request Jan 31, 2020
@kkangshawn @shihai1991
bpo-38863: Improve is_cgi() in http.server (pythonGH-17312)
6f4caad 
is_cgi() function of http.server library does not currently handle a
cgi script if one of the cgi_directories is located at the
sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler
class separates given path into (dir, rest) based on the first seen
'/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided
into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub'
exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
This patch makes the is_cgi() keep expanding dir part to the next '/'
then checking if that expanded path exists in the cgi_directories.

Signed-off-by: Siwon Kang <[email protected]>





https://bugs.python.org/issue38863
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asvetlov asvetlov asvetlov approved these changes

@corona10 corona10 corona10 approved these changes

@vadmium vadmium Awaiting requested review from vadmium

@ethanfurman ethanfurman Awaiting requested review from ethanfurman

Assignees
No one assigned
Labels
type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@kkangshawn @corona10 @asvetlov @pablogsal @the-knights-who-say-ni @bedevere-bot @miss-islington