[zope2-tracker] [Bug 984884] [NEW] VirtualHostMonster silently trims a slash from a double slash
anthonygerrard+launchpad.net at gmail.com
Wed Apr 18 13:25:34 UTC 2012
Public bug reported:
We ran into a problem when some bot / hacker was sending requests to our
which resulted in unhandled exceptions. We're using Apache, Zope, VHM,
Plone plus plone.app.theming. The errors were originating in
p.a.theming's use of plone.subrequest which read certain values stored
in the request object including VIRTUAL_URL_PARTS to build a subrequest.
I've written a couple of tests (attached) which show that Zope will trim
one of the slashes off a double slash in both the ACTUAL_URL and
VIRTUAL_URL_PARTS values stored on the request.
Admittedly this is a bit of an edge case but I think it is a bug in
** Affects: zope2
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.
VirtualHostMonster silently trims a slash from a double slash
To manage notifications about this bug go to:
More information about the zope2-tracker