[issue28679] CGIHTTPServer displays raw python code when the url contains '/' after '?'
Changes by Yudai Fujiwara:

--
components: Library (Lib)
nosy: Yudai Fujiwara
priority: normal
severity: normal
status: open
title: CGIHTTPServer displays raw python code when the url contains '/' after '?'
type: security
versions: Python 2.7

Python tracker <http://bugs.python.org/issue28679>

Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28679] CGIHTTPServer displays raw python code when the url contains '/' after '?'
New submission from Yudai Fujiwara:

I made a simple CGI server and prepared index.py in the root directory. When I access '/index.py?value=data', it displays 'value = data', which is working correctly. However, when I access '/index.py?/' or something like this, it displays its raw Python code. It seems that this bug occurs when I access a URL that contains '/' after '?'.

--
Added file: http://bugs.python.org/file45467/index.py

[issue28679] CGIHTTPServer displays raw python code when the url contains '/' after '?'
Yudai Fujiwara added the comment:

Thanks for your reply. I uploaded server.py. I'm using Python 2.7.5 to run server.py on CentOS 7. Both server.py and index.py are located in /var/www/html.

    $ ls -lh
    -rwxr-xr-x. 1 root root 189 11月 13 11:21 index.py
    -rw-r--r--. 1 root root 239 11月 13 21:04 server.py

This is the response from the server when it works correctly:

    $ ncat 192.168.3.5 8000
    GET /index.py?value=data HTTP/1.1

    HTTP/1.0 200 Script output follows
    Server: SimpleHTTP/0.6 Python/2.7.5
    Date: Sun, 13 Nov 2016 12:18:49 GMT
    Content-type: text/html

    value = data

And this is the response when the bug occurs:

    $ ncat 192.168.3.5
    GET /index.py?/ HTTP/1.1

    HTTP/1.0 200 OK
    Server: SimpleHTTP/0.6 Python/2.7.5
    Date: Sun, 13 Nov 2016 12:06:42 GMT
    Content-type: text/plain
    Content-Length: 189
    Last-Modified: Sun, 13 Nov 2016 02:21:11 GMT

    #!/usr/bin/env python
    # coding: utf-8
    import cgi
    form = cgi.FieldStorage()
    print("Content-type: text/html")
    print("")
    print("value = {0}".format( form.getvalue('value', 'None') )

The server.py is running on the terminal and it seems to be working perfectly:

    $ python server.py
    192.168.3.5 - - [13/Nov/2016 21:18:49] "GET /index.py?value=data HTTP/1.1" 200 -
    192.168.3.5 - - [13/Nov/2016 21:20:42] "GET /index.py?/ HTTP/1.1" 200 -

Maybe the configuration in server.py is wrong?

--
Added file: http://bugs.python.org/file45472/server.py

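A response-level check for the behavior shown in the transcript above, as an added example that is not part of the original thread or of CPython: the access log records `200` for both requests, so the check inspects the response itself. The function names, the shebang heuristic, and the trimmed sample responses are assumptions made for illustration.

```python
# Added example, not code from the tracker thread. Classifies a raw HTTP
# response from CGIHTTPServer as executed CGI output or leaked script source.

def parse_response(raw):
    """Return (reason phrase, lower-cased headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.splitlines()
    parts = lines[0].split(" ", 2) if lines else []
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return reason, headers, body

def classify(raw):
    reason, headers, body = parse_response(raw)
    # CGIHTTPServer answers with this reason phrase when it runs the script.
    if reason == "Script output follows":
        return "executed"
    # Static file serving adds Content-Length and Last-Modified; a body that
    # opens with a shebang is (heuristic, assumed here) script source.
    static = "content-length" in headers and "last-modified" in headers
    if static and body.lstrip().startswith("#!"):
        return "source-disclosed"
    return "unknown"

# Sample responses trimmed from the transcript in the thread above.
OK_RESPONSE = (
    "HTTP/1.0 200 Script output follows\r\n"
    "Server: SimpleHTTP/0.6 Python/2.7.5\r\n"
    "Date: Sun, 13 Nov 2016 12:18:49 GMT\r\n"
    "Content-type: text/html\n\nvalue = data\n"
)
LEAK_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Server: SimpleHTTP/0.6 Python/2.7.5\r\n"
    "Date: Sun, 13 Nov 2016 12:06:42 GMT\r\n"
    "Content-type: text/plain\r\n"
    "Content-Length: 189\r\n"
    "Last-Modified: Sun, 13 Nov 2016 02:21:11 GMT\r\n\r\n"
    "#!/usr/bin/env python\n# coding: utf-8\nimport cgi\n"
)

if __name__ == "__main__":
    for label, raw in (("?value=data", OK_RESPONSE), ("?/", LEAK_RESPONSE)):
        print(label, "->", classify(raw))
```
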
[issue28679] CGIHTTPServer displays raw python code when the url contains '/' after '?'
Yudai Fujiwara added the comment:

I've just installed 2.7.11 and the bug seems to be fixed. Thank you for your accurate solution! Closed.

--
resolution: -> out of date
status: open -> closed