]> Cypherpunks.ru repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42b2029)
net/http/cgi: the PATH_INFO should be empty or start with a slash
authoraimuz <mr.imuz@gmail.com>
Fri, 3 Nov 2023 23:42:21 +0000 (23:42 +0000)
committerGopher Robot <gobot@golang.org>
Mon, 6 Nov 2023 22:04:34 +0000 (22:04 +0000)
fixed PATH_INFO not starting with a slash as described in RFC 3875
for PATH_INFO.

Fixes #63925

Change-Id: I1ead98dff190c53eb7a50546569ef6ded3199a0a
GitHub-Last-Rev: 1c532e330b0d74ee42afc412611a005bc565bb26
GitHub-Pull-Request: golang/go#63926
Reviewed-on: https://go-review.googlesource.com/c/go/+/539615
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/net/http/cgi/host.go patch | blob | history
src/net/http/cgi/host_test.go patch | blob | history

diff --git a/src/net/http/cgi/host.go b/src/net/http/cgi/host.go
index 085658ee7a6d373095f94dcb0d998a1d1aa01980..ef222ab73a75c0ce2c6d897bd635470f503ca071 100644 (file)
--- a/src/net/http/cgi/host.go
+++ b/src/net/http/cgi/host.go
@@ -115,21 +115,14 @@ func removeLeadingDuplicates(env []string) (ret []string) {
 }
 
 func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-       root := h.Root
-       if root == "" {
-               root = "/"
-       }
-
        if len(req.TransferEncoding) > 0 && req.TransferEncoding[0] == "chunked" {
                rw.WriteHeader(http.StatusBadRequest)
                rw.Write([]byte("Chunked request bodies are not supported by CGI."))
                return
        }
 
-       pathInfo := req.URL.Path
-       if root != "/" && strings.HasPrefix(pathInfo, root) {
-               pathInfo = pathInfo[len(root):]
-       }
+       root := strings.TrimRight(h.Root, "/")
+       pathInfo := strings.TrimPrefix(req.URL.Path, root)
 
        port := "80"
        if req.TLS != nil {
diff --git a/src/net/http/cgi/host_test.go b/src/net/http/cgi/host_test.go
index 707af71dd7969703433b7cb85f1ba87c14448d62..f310a83d498b1c167f36b9a6981e1f039a07236a 100644 (file)
--- a/src/net/http/cgi/host_test.go
+++ b/src/net/http/cgi/host_test.go
@@ -210,14 +210,14 @@ func TestPathInfoDirRoot(t *testing.T) {
        check(t)
        h := &Handler{
                Path: "testdata/test.cgi",
-               Root: "/myscript/",
+               Root: "/myscript//",
        }
        expectedMap := map[string]string{
-               "env-PATH_INFO":       "bar",
+               "env-PATH_INFO":       "/bar",
                "env-QUERY_STRING":    "a=b",
                "env-REQUEST_URI":     "/myscript/bar?a=b",
                "env-SCRIPT_FILENAME": "testdata/test.cgi",
-               "env-SCRIPT_NAME":     "/myscript/",
+               "env-SCRIPT_NAME":     "/myscript",
        }
        runCgiTest(t, h, "GET /myscript/bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)
 }
@@ -278,7 +278,7 @@ func TestPathInfoNoRoot(t *testing.T) {
                "env-QUERY_STRING":    "a=b",
                "env-REQUEST_URI":     "/bar?a=b",
                "env-SCRIPT_FILENAME": "testdata/test.cgi",
-               "env-SCRIPT_NAME":     "/",
+               "env-SCRIPT_NAME":     "",
        }
        runCgiTest(t, h, "GET /bar?a=b HTTP/1.0\nHost: example.com\n\n", expectedMap)
 }
Go GOST TLS 1.3