[zope2-tracker] [Bug 984884] [NEW] VirtualHostMonster silently trims a slash from a double slash

Anthony Gerrard anthonygerrard+launchpad.net at gmail.com
Wed Apr 18 13:25:34 UTC 2012

Public bug reported:

We ran into a problem when some bot / hacker was sending requests to our
server like


which resulted in unhandled exceptions.  We're using Apache, Zope, VHM,
Plone plus plone.app.theming. The errors were originating in
p.a.theming's use of plone.subrequest which read certain values stored
in the request object including VIRTUAL_URL_PARTS to build a subrequest.

I've written a couple of tests (attached) which show that Zope will trim
one of the slashes off a double slash in both the ACTUAL_URL and
VIRTUAL_URL_PARTS values stored on the request.

Admittedly this is a bit of an edge case but I think it is a bug in

** Affects: zope2
     Importance: Undecided
         Status: New

You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.

  VirtualHostMonster silently trims a slash from a double slash

To manage notifications about this bug go to:

More information about the zope2-tracker mailing list