Issue 24661: CGIHTTPServer: premature unescaping of query string (original) (raw)

Created on 2015-07-18 14:04 by johnseman, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (4)
msg246900 - (view)	Author: John S (johnseman)	Date: 2015-07-18 14:04
I created a simple CGI script that outputs the query string passed to it: ``` #!/usr/bin/env python import os print 'Content-Type: text/html\n\n' print os.environ['QUERY_STRING'] ``` I saved it as cgi-bin/test.cgi and made it executable. I then ran `python -m CGIHTTPModule` and opened http://localhost:8000/cgi-bin/test.cgi?H%26M in a web browser. The output was H&M when it should have been H%26M I tried with Python 2.7.5, 2.7.3 and 2.6.6 and they all correctly output H%26M. The test.cgi file is attached.
msg246929 - (view)	Author: Eric V. Smith (eric.smith) *	Date: 2015-07-19 02:33
I would expect the cgi script to receive the unescaped values. Can you point to some reference that says otherwise?
msg246941 - (view)	Author: John S (johnseman)	Date: 2015-07-19 13:11
Image you had the following URL. http://localhost:8000/cgi-bin/test.cgi?q=Dolce%26Gabbana&p=1 os.environ['QUERY_STRING'] would hold the value q=Dolce&Gabbana&p=1 If you ran the following code, you would be unable to get the value of the q paramater in full. import cgi form = cgi.FieldStorage() print form["q"].value # Outputs Dolce without the Gabbbana
msg254474 - (view)	Author: Martin Panter (martin.panter) *	Date: 2015-11-11 05:48
The CGI server no longer unquotes the query string thanks to the fix for Issue 24657. The fix should be in the next (2.7.11) release.