SCRIPT_URL on WSGI is misinterpreted when PATH_INFO is empty

[j-sz@…]

This bug is pretty obvious. In the dev version it's in django/core/handlers/wsgi.py:235 in get_script_name; in 1.5.1 (where I've found it) it's in django/core/handlers/base.py:280. I haven't checked how long it's been there.

The problem is due to slicing with a negative end index:

script_name = script_url[:-len(path_info)]

It works fine as long as path_info is not empty. On my system it was empty and the whole script_url was truncated.

I've grepped the source tree for '\[:-[^0-9]' to check if there are some other instances of this pattern and it returned a couple of results. I'd suggest examining them and making sure the indices are non-zero.

A patch would be trivial, but I'm not giving it, because I feel that a general function 'chop off n elements from the end' might be handy and I'm not sure where to put it.

[Baptiste Mispelon]

Isn't path_info guaranteed to be non-empty because of ​https://github.com/django/django/blob/master/django/core/handlers/wsgi.py#L87-L92?

Could you give us some details on what error you're seeing and how you're triggering it?

Thanks.

[Jan Szejko]

Replying to bmispelon:

Isn't path_info guaranteed to be non-empty because of ​https://github.com/django/django/blob/master/django/core/handlers/wsgi.py#L87-L92?

No, it isn't. Look at it in context: ​https://github.com/django/django/blob/master/django/core/handlers/wsgi.py#L233-L235. It reads PATH_INFO straight from the environment and it assumes an empty string if the variable is not set.

Could you give us some details on what error you're seeing and how you're triggering it?

Thanks.

In my evironment the PATH_INFO variable is not set. I don't get any error message, I just get wrong urls when calling django.core.urlresolvers.reverse or {% url %} template tag. Eg. I have a WSGI server at /foobar/ and the resolve function returns '/some/url/' instead of '/foobar/some/url/'. Easy to see, when SCRIPT_URL variable is set to '/foobar/' and PATH_INFO is not set, get_script_name(environ) will return an empty string while it should return '/foobar/'. Just look at the code, it's obvious: ​https://github.com/django/django/blob/master/django/core/handlers/wsgi.py#L229-L237

[Baptiste Mispelon]

OK, marking this as accepted.

FYI, it's easier for me to triage your ticket if you provide a concrete example of how to trigger the bug because then I know how to try and reproduce it.

If you just point to a line of code, I have to try and figure out where/how that code is used and see if there's a way to trigger the bug in a normal use-case. This can be hard and time consuming, especially if I'm not familiar with the codebase (which is the case here for example).

This is why I asked for more details in my first comment.

Thanks.

[Baptiste Mispelon]

Also, I took a quick look at other instances of '\[:-[^0-9]' and they all seem OK except maybe one.

There's one in ​https://github.com/django/django/blob/master/django/contrib/staticfiles/storage.py#L180 that could be an issue but I couldn't figure out if there's actually a way to trigger the problematic case.
If you can figure it out, please open a separate ticket.

Thanks.

[Jan Szejko]

One way to reproduce this bug is to run in a Django console:

from django.core.handlers.wsgi import get_script_name
get_script_name({'SCRIPT_URL': '/foobar/'})

I'm not sure if it's what you're looking for, but it does the job.

[Markus Holtermann <info@…>]

In 336512fae77ec214ad6db24166b9a8676007cc09:

Fixed #23173 -- Fixed incorrect stripping of SCRIPT_URL