bpo-34711: Return HTTPStatus.NOT_FOUND if path.endswith('/') and not a directory (GH-9687)

AIX allows a trailing slash on local file system paths, which isn't what we want in http.server. Accordingly, check explicitly for this case in the server code, rather than relying on the OS raising an exception. Patch by Michael Felt.
author: Michael Felt <aixtools@users.noreply.github.com> 2018-12-26 06:43:42 +0100
committer: Nick Coghlan <ncoghlan@gmail.com> 2018-12-26 15:43:42 +1000
commit: 2062a20641febad5eb9c18d74e1cfb4d7a6e53ed (patch)
tree: e1da7d77317cc4428315cacf26ed30a1f64d6d3f /Lib/http
parent: 22462da70c1ae015a60a7b821547bc6d2b5bc265 (diff)
download: cpython-git-2062a20641febad5eb9c18d74e1cfb4d7a6e53ed.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 22d865f2fd..29c720ea7e 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -692,6 +692,14 @@ class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
             else:
                 return self.list_directory(path)
         ctype = self.guess_type(path)
+        # check for trailing "/" which should return 404. See Issue17324
+        # The test for this was added in test_httpserver.py
+        # However, some OS platforms accept a trailingSlash as a filename
+        # See discussion on python-dev and Issue34711 regarding
+        # parseing and rejection of filenames with a trailing slash
+        if path.endswith("/"):
+            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
+            return None
         try:
             f = open(path, 'rb')
         except OSError:
author	Michael Felt <aixtools@users.noreply.github.com>	2018-12-26 06:43:42 +0100
committer	Nick Coghlan <ncoghlan@gmail.com>	2018-12-26 15:43:42 +1000
commit	2062a20641febad5eb9c18d74e1cfb4d7a6e53ed (patch)
tree	e1da7d77317cc4428315cacf26ed30a1f64d6d3f /Lib/http
parent	22462da70c1ae015a60a7b821547bc6d2b5bc265 (diff)
download	cpython-git-2062a20641febad5eb9c18d74e1cfb4d7a6e53ed.tar.gz