From 32a163ca17e1c3d78945ad2214e6c1fb5a8e0bf1 Mon Sep 17 00:00:00 2001
From: Yiteng Zhang
Date: Thu, 28 Apr 2016 16:59:25 -0700
Subject: parse_request_uri() incorrectly parses URI which contains ://
---
cherrypy/wsgiserver/wsgiserver2.py | 8 +++-----
cherrypy/wsgiserver/wsgiserver3.py | 9 +++++----
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/cherrypy/wsgiserver/wsgiserver2.py b/cherrypy/wsgiserver/wsgiserver2.py
index 9abf676f..7bcf216f 100644
--- a/cherrypy/wsgiserver/wsgiserver2.py
+++ b/cherrypy/wsgiserver/wsgiserver2.py
@@ -92,6 +92,7 @@ import time
 import traceback as traceback_
 import operator
 from urllib import unquote
+from urlparse import urlparse
 import warnings
 import errno
 import logging
@@ -830,15 +831,12 @@ class HTTPRequest(object):
 if uri == ASTERISK:
 return None, None, uri
- i = uri.find('://')
- if i > 0 and QUESTION_MARK not in uri[:i]:
+ scheme, authority, path, params, query, fragment = urlparse(uri)
+ if scheme and QUESTION_MARK not in scheme:
 # An absoluteURI.
 # If there's a scheme (and it must be http or https), then:
 # http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query
 # ]]
- scheme, remainder = uri[:i].lower(), uri[i + 3:]
- authority, path = remainder.split(FORWARD_SLASH, 1)
- path = FORWARD_SLASH + path
 return scheme, authority, path
 if uri.startswith(FORWARD_SLASH):
diff --git a/cherrypy/wsgiserver/wsgiserver3.py b/cherrypy/wsgiserver/wsgiserver3.py
index 84df3a34..b7ee36e3 100644
--- a/cherrypy/wsgiserver/wsgiserver3.py
+++ b/cherrypy/wsgiserver/wsgiserver3.py
@@ -92,6 +92,8 @@ import time
 import traceback as traceback_
 import errno
 import logging
+from urllib.parse import urlparse
+
 try:
 # prefer slower Python-based io module
 import _pyio as io
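Review bot: In the `@@ -830,15 +831,12 @@` hunk of wsgiserver2.py the absolute-URI branch now returns only `path` from `urlparse(uri)`, while `params`, `query` and `fragment` are unpacked and dropped; the removed code returned everything after the authority as the path. If the caller of `parse_request_uri` still derives the query string and checks for `#` from the returned path (the caller is outside this hunk, so this is inferred), a request in absolute-URI form would lose its query string and skip that check. Re-attach the pieces before returning, for example `if query: path = path + QUESTION_MARK + query` with the same treatment for `params`, and decide explicitly what a non-empty `fragment` should do. The `QUESTION_MARK not in scheme` test also looks unreachable now, since `urlparse` does not put `?` into a scheme. The second hunk of wsgiserver3.py makes the same change; the function body starts and ends outside both hunks.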
@@ -819,14 +821,13 @@ class HTTPRequest(object):
 if uri == ASTERISK:
 return None, None, uri
- scheme, sep, remainder = uri.partition(b'://')
- if sep and QUESTION_MARK not in scheme:
+ scheme, authority, path, params, query, fragment = urlparse(uri)
+ if scheme and QUESTION_MARK not in scheme:
 # An absoluteURI.
 # If there's a scheme (and it must be http or https), then:
 # http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query
 # ]]
- authority, path_a, path_b = remainder.partition(FORWARD_SLASH)
- return scheme.lower(), authority, path_a + path_b
+ return scheme, authority, path
 if uri.startswith(FORWARD_SLASH):
 # An abs_path.
-- 
cgit v1.2.1
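Review bot: `urlparse(uri)` in the `@@ -819,14 +821,13 @@` hunk of wsgiserver3.py receives a bytes request target (the removed line partitioned on `b'://'`), and for bytes input `urllib.parse` decodes as strict ASCII, so a non-ASCII byte in the request line raises `UnicodeDecodeError` where the old `partition` code could not raise; a malformed bracketed host makes `urlparse` raise `ValueError` as well. Whether a caller turns that into a 400 response is not visible here. Consider guarding the call, e.g. `try:` around the `urlparse(uri)` line with `except ValueError:` (which also covers `UnicodeDecodeError`), and reporting the target as malformed at that point. The function body starts and ends outside the hunk.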