Security fix for StaticURLParser, plus unquote SCRIPT_NAME and PATH_INFO, plus don't double-unquote in StaticURLParser

author: ianb <devnull@localhost> 2006-12-18 00:28:21 +0000
committer: ianb <devnull@localhost> 2006-12-18 00:28:21 +0000
commit: 7c0b1546341ae5761701c4d667cbb6e87327ba19 (patch)
tree: ed070f240b8a249e2e407eecb1993ed558a58682 /paste/wsgilib.py
parent: 165668aae8890fba08a5b40a83a814e4c74bf659 (diff)
download: paste-7c0b1546341ae5761701c4d667cbb6e87327ba19.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/paste/wsgilib.py b/paste/wsgilib.py
index 234f7cc..82a91f0 100644
--- a/paste/wsgilib.py
+++ b/paste/wsgilib.py
@@ -13,6 +13,7 @@ from paste.response import HeaderDict, has_header, header_value, remove_header
 from paste.response import error_body_response, error_response, error_response_app
 
 from traceback import print_exception
+import urllib
 from cStringIO import StringIO
 import sys
 from urlparse import urlsplit
@@ -303,6 +304,7 @@ def raw_interactive(application, path='', raise_on_wsgi_error=False,
         }
     if path:
         (_, _, path_info, query, fragment) = urlsplit(str(path))
+        path_info = urllib.unquote(path_info)
         basic_environ['PATH_INFO'] = path_info
         if query:
             basic_environ['QUERY_STRING'] = query
author	ianb <devnull@localhost>	2006-12-18 00:28:21 +0000
committer	ianb <devnull@localhost>	2006-12-18 00:28:21 +0000
commit	7c0b1546341ae5761701c4d667cbb6e87327ba19 (patch)
tree	ed070f240b8a249e2e407eecb1993ed558a58682 /paste/wsgilib.py
parent	165668aae8890fba08a5b40a83a814e4c74bf659 (diff)
download	paste-7c0b1546341ae5761701c4d667cbb6e87327ba19.tar.gz