Issue #21323: Fix CGIHTTPServer to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index c1c1a2d..f776b07 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -386,7 +386,9 @@
BaseTestCase.setUp(self)
self.parent_dir = tempfile.mkdtemp()
self.cgi_dir = os.path.join(self.parent_dir, 'cgi-bin')
+ self.cgi_child_dir = os.path.join(self.cgi_dir, 'child-dir')
os.mkdir(self.cgi_dir)
+ os.mkdir(self.cgi_child_dir)
# The shebang line should be pure ASCII: use symlink if possible.
# See issue #7668.
@@ -411,6 +413,11 @@
file2.write(cgi_file2 % self.pythonexe)
os.chmod(self.file2_path, 0777)
+ self.file3_path = os.path.join(self.cgi_child_dir, 'file3.py')
+ with open(self.file3_path, 'w') as file3:
+ file3.write(cgi_file1 % self.pythonexe)
+ os.chmod(self.file3_path, 0777)
+
self.cwd = os.getcwd()
os.chdir(self.parent_dir)
@@ -422,6 +429,8 @@
os.remove(self.nocgi_path)
os.remove(self.file1_path)
os.remove(self.file2_path)
+ os.remove(self.file3_path)
+ os.rmdir(self.cgi_child_dir)
os.rmdir(self.cgi_dir)
os.rmdir(self.parent_dir)
finally:
@@ -516,6 +525,11 @@
self.assertEqual((b'Hello World\n', 'text/html', 200),
(res.read(), res.getheader('Content-type'), res.status))
+ def test_nested_cgi_path_issue21323(self):
+ res = self.request('/cgi-bin/child-dir/file3.py')
+ self.assertEqual((b'Hello World\n', 'text/html', 200),
+ (res.read(), res.getheader('Content-type'), res.status))
+
class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
""" Test url parsing """