diff options
author | ianb <devnull@localhost> | 2006-12-18 00:28:21 +0000 |
---|---|---|
committer | ianb <devnull@localhost> | 2006-12-18 00:28:21 +0000 |
commit | 7c0b1546341ae5761701c4d667cbb6e87327ba19 (patch) | |
tree | ed070f240b8a249e2e407eecb1993ed558a58682 /paste/wsgilib.py | |
parent | 165668aae8890fba08a5b40a83a814e4c74bf659 (diff) | |
download | paste-7c0b1546341ae5761701c4d667cbb6e87327ba19.tar.gz |
Security fix for StaticURLParser, plus unquote SCRIPT_NAME and PATH_INFO, plus don't double-unquote in StaticURLParser
Diffstat (limited to 'paste/wsgilib.py')
-rw-r--r-- | paste/wsgilib.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/paste/wsgilib.py b/paste/wsgilib.py index 234f7cc..82a91f0 100644 --- a/paste/wsgilib.py +++ b/paste/wsgilib.py @@ -13,6 +13,7 @@ from paste.response import HeaderDict, has_header, header_value, remove_header from paste.response import error_body_response, error_response, error_response_app from traceback import print_exception +import urllib from cStringIO import StringIO import sys from urlparse import urlsplit @@ -303,6 +304,7 @@ def raw_interactive(application, path='', raise_on_wsgi_error=False, } if path: (_, _, path_info, query, fragment) = urlsplit(str(path)) + path_info = urllib.unquote(path_info) basic_environ['PATH_INFO'] = path_info if query: basic_environ['QUERY_STRING'] = query |