Roundup Tracker - Issues

Message8228

Author rouilj
Recipients rouilj
Date 2024-12-15.05:33:02
Message-id <1734240782.95.0.710270100076.issue2551381@roundup.psfhosted.org>
In-reply-to
A URL that has two '?' in it like:

    http://localhost:9001/rest/data/status?@page_index=?

will generate a 404 not found error when passed to roundup-server, while a
wsgi or cgi run roundup instance will generate a different 4xx code.

This is because roundup-server uses rfind to find the rightmost '?' when
it should be using the leftmost according to:
https://www.rfc-editor.org/rfc/rfc3986#section-3.4

   The query component contains non-hierarchical data that, along with
   data in the path component (Section 3.3), serves to identify a
   resource within the scope of the URI's scheme and naming authority
   (if any).  The query component is indicated by the first question
   mark ("?") character and terminated by a number sign ("#") character
   or by the end of the URI.

Discovered this while setting up fuzz testing on some REST URIs.
History
Date                 User    Action  Args
2024-12-15 05:33:03  rouilj  set     recipients: + rouilj
2024-12-15 05:33:02  rouilj  set     messageid: <1734240782.95.0.710270100076.issue2551381@roundup.psfhosted.org>
2024-12-15 05:33:02  rouilj  link    issue2551381 messages
2024-12-15 05:33:02  rouilj  create
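
The two ways of splitting a request target described in the message above, as an added example that is not part of the original message and is not Roundup's code. The function names and every sample target except the reported one are constructed here, and `urllib.parse.urlsplit` is used as the reference splitter for a differential check of the kind a fuzz harness can run.

```python
from urllib.parse import urlsplit


def split_rightmost(target):
    """Split at the LAST '?', the behaviour the report describes as the bug."""
    i = target.rfind("?")
    return (target, "") if i < 0 else (target[:i], target[i + 1:])


def split_leftmost(target):
    """Split at the FIRST '?', as RFC 3986 section 3.4 specifies."""
    path, _, query = target.partition("?")
    return path, query


def disagreements(targets, splitter):
    """Return the targets where `splitter` differs from urlsplit's (path, query)."""
    bad = []
    for target in targets:
        ref = urlsplit(target)
        if splitter(target) != (ref.path, ref.query):
            bad.append(target)
    return bad


# The first entry is the path and query of the URL in the report;
# the remaining targets are constructed for this example.
REPORTED = "/rest/data/status?@page_index=?"
SAMPLES = [
    REPORTED,
    "/rest/data/status",
    "/rest/data/status?@page_size=5",
    "/rest/data/issue?title=what?&@fields=id",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{target!r}")
        print(f"  rightmost: {split_rightmost(target)}")
        print(f"  leftmost:  {split_leftmost(target)}")
    print("rightmost disagrees with urlsplit on:", disagreements(SAMPLES, split_rightmost))
    print("leftmost disagrees with urlsplit on: ", disagreements(SAMPLES, split_leftmost))
```

With the rightmost split, the reported target yields a path that still contains `?@page_index=`, so the path lookup fails before the query is ever examined, which is consistent with the 404 the message describes.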