SCRIPT_URL on WSGI is misinterpreted when PATH_INFO is empty
|Reported by:||Owned by:||Bas Peschier|
|Severity:||Normal||Keywords:||wsgi, script name, negative index slicing, ams2015|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
This bug is pretty obvious. In the dev version it's in django/core/handlers/wsgi.py:235 in get_script_name; in 1.5.1 (where I've found it) it's in django/core/handlers/base.py:280. I haven't checked how long it's been there.
The problem is due to slicing with a negative end index:
script_name = script_url[:-len(path_info)]
It works fine as long as path_info is not empty. On my system it was empty and the whole script_url was truncated.
I've grepped the source tree for
'\[:-[^0-9]' to check if there are some other instances of this pattern and it returned a couple of results. I'd suggest examining them and making sure the indices are non-zero.
A patch would be trivial, but I'm not giving it, because I feel that a general function 'chop off n elements from the end' might be handy and I'm not sure where to put it.
Change History (8)
comment:1 follow-up: 2 Changed 2 years ago by
|Patch needs improvement:||unset|
comment:6 Changed 20 months ago by
|Owner:||changed from nobody to Bas Peschier|
|Status:||new → assigned|