diff options
| author | Ned Deily <nad@acm.org> | 2014-07-13 05:16:56 (GMT) |
|---|---|---|
| committer | Ned Deily <nad@acm.org> | 2014-07-13 05:16:56 (GMT) |
| commit | 5d0d2e6ed6b6ca99d7aa1f9a5ff9c4b0fa545f76 (patch) | |
| tree | 4dafdea7ff6186c5aec284ac45080a68fdf09586 /Lib/http | |
| parent | ad5ffd4767802dfc34e3ae2d7960f1610d58cdcc (diff) | |
| parent | 217f4cd7ee587310587f70c28cd3b25c722275ba (diff) | |
| download | cpython-5d0d2e6ed6b6ca99d7aa1f9a5ff9c4b0fa545f76.zip cpython-5d0d2e6ed6b6ca99d7aa1f9a5ff9c4b0fa545f76.tar.gz cpython-5d0d2e6ed6b6ca99d7aa1f9a5ff9c4b0fa545f76.tar.bz2 | |
Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
Diffstat (limited to 'Lib/http')
| -rw-r--r-- | Lib/http/server.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py index c98df19..2a95028 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -1000,16 +1000,16 @@ class CGIHTTPRequestHandler(SimpleHTTPRequestHandler): def run_cgi(self): """Execute a CGI script.""" dir, rest = self.cgi_info - - i = rest.find('/') + path = dir + '/' + rest + i = path.find('/', len(dir)+1) while i >= 0: - nextdir = rest[:i] - nextrest = rest[i+1:] + nextdir = path[:i] + nextrest = path[i+1:] scriptdir = self.translate_path(nextdir) if os.path.isdir(scriptdir): dir, rest = nextdir, nextrest - i = rest.find('/') + i = path.find('/', len(dir)+1) else: break |