diff options
| -rw-r--r-- | Lib/http/server.py | 8 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2018-10-03-09-25-02.bpo-34711.HeOmKR.rst | 3 |
2 files changed, 11 insertions, 0 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py index 22d865f..29c720e 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -692,6 +692,14 @@ class SimpleHTTPRequestHandler(BaseHTTPRequestHandler): else: return self.list_directory(path) ctype = self.guess_type(path) + # check for trailing "/" which should return 404. See Issue17324 + # The test for this was added in test_httpserver.py + # However, some OS platforms accept a trailingSlash as a filename + # See discussion on python-dev and Issue34711 regarding + # parseing and rejection of filenames with a trailing slash + if path.endswith("/"): + self.send_error(HTTPStatus.NOT_FOUND, "File not found") + return None try: f = open(path, 'rb') except OSError: diff --git a/Misc/NEWS.d/next/Library/2018-10-03-09-25-02.bpo-34711.HeOmKR.rst b/Misc/NEWS.d/next/Library/2018-10-03-09-25-02.bpo-34711.HeOmKR.rst new file mode 100644 index 0000000..f3522f3 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2018-10-03-09-25-02.bpo-34711.HeOmKR.rst @@ -0,0 +1,3 @@ +http.server ensures it reports HTTPStatus.NOT_FOUND when the local path ends with "/" +and is not a directory, even if the underlying OS (e.g. AIX) accepts such paths as a +valid file reference. Patch by Michael Felt. |