diff options
author | Yiteng Zhang <yiteng.zhang@oracle.com> | 2016-04-28 16:59:25 -0700 |
---|---|---|
committer | Yiteng Zhang <yiteng.zhang@oracle.com> | 2016-04-28 16:59:25 -0700 |
commit | 32a163ca17e1c3d78945ad2214e6c1fb5a8e0bf1 (patch) | |
tree | 8e367c7294dcf89f350b21b08d9afe733fd7ee01 | |
parent | c35902e64467db12d17e990b727e92b13a699eca (diff) | |
download | cherrypy-32a163ca17e1c3d78945ad2214e6c1fb5a8e0bf1.tar.gz |
parse_request_uri() incorrectly parses URI which contains ://
-rw-r--r-- | cherrypy/wsgiserver/wsgiserver2.py | 8 | ||||
-rw-r--r-- | cherrypy/wsgiserver/wsgiserver3.py | 9 |
2 files changed, 8 insertions, 9 deletions
diff --git a/cherrypy/wsgiserver/wsgiserver2.py b/cherrypy/wsgiserver/wsgiserver2.py index 9abf676f..7bcf216f 100644 --- a/cherrypy/wsgiserver/wsgiserver2.py +++ b/cherrypy/wsgiserver/wsgiserver2.py @@ -92,6 +92,7 @@ import time import traceback as traceback_ import operator from urllib import unquote +from urlparse import urlparse import warnings import errno import logging @@ -830,15 +831,12 @@ class HTTPRequest(object): if uri == ASTERISK: return None, None, uri - i = uri.find('://') - if i > 0 and QUESTION_MARK not in uri[:i]: + scheme, authority, path, params, query, fragment = urlparse(uri) + if scheme and QUESTION_MARK not in scheme: # An absoluteURI. # If there's a scheme (and it must be http or https), then: # http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query # ]] - scheme, remainder = uri[:i].lower(), uri[i + 3:] - authority, path = remainder.split(FORWARD_SLASH, 1) - path = FORWARD_SLASH + path return scheme, authority, path if uri.startswith(FORWARD_SLASH): diff --git a/cherrypy/wsgiserver/wsgiserver3.py b/cherrypy/wsgiserver/wsgiserver3.py index 84df3a34..b7ee36e3 100644 --- a/cherrypy/wsgiserver/wsgiserver3.py +++ b/cherrypy/wsgiserver/wsgiserver3.py @@ -92,6 +92,8 @@ import time import traceback as traceback_ import errno import logging +from urllib.parse import urlparse + try: # prefer slower Python-based io module import _pyio as io @@ -819,14 +821,13 @@ class HTTPRequest(object): if uri == ASTERISK: return None, None, uri - scheme, sep, remainder = uri.partition(b'://') - if sep and QUESTION_MARK not in scheme: + scheme, authority, path, params, query, fragment = urlparse(uri) + if scheme and QUESTION_MARK not in scheme: # An absoluteURI. # If there's a scheme (and it must be http or https), then: # http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query # ]] - authority, path_a, path_b = remainder.partition(FORWARD_SLASH) - return scheme.lower(), authority, path_a + path_b + return scheme, authority, path if uri.startswith(FORWARD_SLASH): # An abs_path. |