SCRIPT_URL on WSGI is misinterpreted when PATH_INFO is empty
|Reported by:||j-sz@…||Owned by:||bpeschier|
|Severity:||Normal||Keywords:||wsgi, script name, negative index slicing, ams2015|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
This bug is pretty obvious. In the dev version it's in django/core/handlers/wsgi.py:235 in get_script_name; in 1.5.1 (where I've found it) it's in django/core/handlers/base.py:280. I haven't checked how long it's been there.
The problem is due to slicing with a negative end index:
script_name = script_url[:-len(path_info)]
It works fine as long as path_info is not empty. On my system it was empty and the whole script_url was truncated.
I've grepped the source tree for '\[:-[^0-9]' to check if there are some other instances of this pattern and it returned a couple of results. I'd suggest examining them and making sure the indices are non-zero.
A patch would be trivial, but I'm not giving it, because I feel that a general function 'chop off n elements from the end' might be handy and I'm not sure where to put it.
Change History (8)
comment:1 follow-up: ↓ 2 Changed 10 months ago by bmispelon
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 in reply to: ↑ 1 Changed 10 months ago by janek37
comment:6 Changed 3 months ago by bpeschier
- Keywords ams2015 added
- Owner changed from nobody to bpeschier
- Status changed from new to assigned
comment:7 Changed 3 months ago by MarkusH
- Has patch set
- Triage Stage changed from Accepted to Ready for checkin