Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix 602 unicode path encoding when mounting application. #640

Closed
wants to merge 5 commits into from
Closed

Fix 602 unicode path encoding when mounting application. #640

wants to merge 5 commits into from

Conversation

blakev
Copy link

@blakev blakev commented Jul 23, 2014

fix #602

@blakev blakev changed the title Bottle dev Fix 602 unicode path encoding when mounting application. Jul 23, 2014
@onny
Copy link

onny commented Sep 12, 2015

Please merge this into master :(

mgedmin
mgedmin reviewed Sep 13, 2018
View reviewed changes
bottle.py
return HTTPError(400, 'Invalid path string. Expected UTF-8')
except UnicodeError:
try: # BUG 602 encoding path to latin1 may contain char not in utf8
environ['PATH_INFO'] = urlunquote(path)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not seem safe to me. Repeated UTF-8 decoding might succeed (by accident), mangling actual data.

Besides, the WSGI spec requires environ['PATH_INFO'] to be raw bytes from the HTTP request, decoded as Latin-1. If you mount a WSGI app, bottle should convert it back before passing it to the mounted app.

IOW I think it would be better to fix this in mount().

@defnull
Copy link
Member

defnull commented Sep 13, 2018

I think that @mgedmin is right. The actual bug is in Bottle._handle(), where environ['PATH_INFO'] is replaced by the re-encoded value, which breaks the WSGI spec for mounted applications. See #602 for a more detailed explanation.

@defnull defnull closed this Sep 13, 2018
@blakev blakev deleted the bottle-dev branch September 14, 2018 01:37
@amoxuk
Copy link

amoxuk commented Feb 18, 2022

removed this merge from bottle is an error. I still get this bug from Bottle v0.12.19 in 2022.02. although it was not so perfect but solve this bug!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mgedmin mgedmin mgedmin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

UTF8 path string invalid when using app.mount()
5 participants
@blakev @onny @defnull @amoxuk @mgedmin