[PyCS-devel] bug in medusa that creates problems for both pycs and pyds (functionality bug, not secu
Status: Alpha
Brought to you by:
myelin
Menu
▾
▴
[PyCS-devel] bug in medusa that creates problems for both pycs and pyds (functionality bug, not security bug!)
|
From: Georg B. <gb...@mu...> - 2003-03-03 14:03:27
|
Hi! There is a bug in medusa that creates problems for PyCS and PyDS when passing URIs as parameters to handlers via GET methods. Medusa unquotes the request in the http_server.py module in the http_channel class in the found_terminator method. It unquotes the _full_ request line, not only the command and path parts. This produces problems when one of your parameters you try to pass in is an URI, like is the case with the counter script that creates the referer entries. This is the reason why in the referer lists URIs only show their first parameter. The problem is, the unquote removes the quote-protection from the parameter values. Since we interpret the query part after the global unquote, the before protected additional parameters of the passed in URI now become parameters of the called URI. I don't have a good idea how to fix this without touching medusa (which I wouldn't like to do, as this complicates setup), and so contacted the upstream author on it and left the bug in the system. But if the upstream author doesn't come up with something, we will have to fix that ourselves, as it really creates problems. Anyone of you with a good idea? bye, Georg |
