gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (#104067)

Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
author: Ethan Furman <ethan@stoneleaf.us> 2023-05-03 03:42:00 (GMT)
committer: GitHub <noreply@github.com> 2023-05-03 03:42:00 (GMT)
commit: c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a (patch)
tree: d36dfffa5974a55a36fcda2e178a25a2081704d3 /Lib/http
parent: 292076a9aa29aba1023340a0d24252a7b27a454e (diff)
download: cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.zip
cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.tar.gz
cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 971f080..a245ffb 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -791,7 +791,7 @@ class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
             displaypath = urllib.parse.unquote(self.path,
                                                errors='surrogatepass')
         except UnicodeDecodeError:
-            displaypath = urllib.parse.unquote(path)
+            displaypath = urllib.parse.unquote(self.path)
         displaypath = html.escape(displaypath, quote=False)
         enc = sys.getfilesystemencoding()
         title = f'Directory listing for {displaypath}'
author	Ethan Furman <ethan@stoneleaf.us>	2023-05-03 03:42:00 (GMT)
committer	GitHub <noreply@github.com>	2023-05-03 03:42:00 (GMT)
commit	c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a (patch)
tree	d36dfffa5974a55a36fcda2e178a25a2081704d3 /Lib/http
parent	292076a9aa29aba1023340a0d24252a7b27a454e (diff)
download	cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.zip cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.tar.gz cpython-c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a.tar.bz2