Roundup Tracker - Issues

Issue 2551381

classification
roundup-server parses URIs with multiple '?' incorrectly.
Type: behavior Severity: major
Components: Web interface Versions:
process
Status: new
:
: rouilj : rouilj
Priority: normal :

Created on 2024-12-15 05:33 by rouilj, last changed 2024-12-15 05:33 by rouilj.

Messages
msg8228 Author: [hidden] (rouilj) Date: 2024-12-15 05:33
A URL that has two '?' in it like:

    http://localhost:9001/rest/data/status?@page_index=?

will generate a 404 not found error when passed to roundup-server, while a
wsgi or cgi run roundup instance will generate a different 4xx code.

This is because roundup-server uses rfind to find the rightmost '?' when
it should be using the leftmost according to:
https://www.rfc-editor.org/rfc/rfc3986#section-3.4

    The query component contains non-hierarchical data that, along with
    data in the path component (Section 3.3), serves to identify a
    resource within the scope of the URI's scheme and naming authority
    (if any).  The query component is indicated by the first question
    mark ("?") character and terminated by a number sign ("#") character
    or by the end of the URI.

Discovered this while setting up fuzz testing on some REST URIs.
History
Date                 User    Action  Args
2024-12-15 05:33:02  rouilj  create
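
An added example, not roundup-server's own code: a differential check that splits a request target at the rightmost '?' (the rfind behaviour the report describes) and at the leftmost '?' (RFC 3986 section 3.4), then lists the inputs on which the two disagree. The function names are hypothetical, and every sample target except the reported one is constructed.

```python
from urllib.parse import urlsplit


def split_rightmost(target):
    """Split at the LAST '?', the rfind behaviour described in the report."""
    i = target.rfind("?")
    return (target, "") if i == -1 else (target[:i], target[i + 1:])


def split_leftmost(target):
    """Split at the FIRST '?', as RFC 3986 section 3.4 specifies."""
    path, _, query = target.partition("?")
    return path, query


def disagreements(targets):
    """Return (target, rightmost_split, leftmost_split) where the splits differ."""
    found = []
    for target in targets:
        right = split_rightmost(target)
        left = split_leftmost(target)
        # Cross-check the RFC-style split against the standard library parser.
        ref = urlsplit(target)
        if (ref.path, ref.query) != left:
            raise ValueError("leftmost split disagrees with urlsplit: %r" % target)
        if right != left:
            found.append((target, right, left))
    return found


# Constructed request targets; the third is the path and query from the report.
SAMPLES = [
    "/rest/data/status",
    "/rest/data/status?@page_index=1",
    "/rest/data/status?@page_index=?",
    "/rest/data/issue?title=a?b&@page_size=5",
]

if __name__ == "__main__":
    for target, right, left in disagreements(SAMPLES):
        print(target)
        print("  rightmost '?': path=%r query=%r" % right)
        print("  leftmost  '?': path=%r query=%r" % left)
```

With the rightmost split, the reported URL yields a path that still contains `?@page_index=` and an empty query, so the query text ends up in the path.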