Description

See steps.

Steps to reproduce

  1. Go to MoinMoinBugs and enter "abc%20def". Notice that it creates a page named "abc%20def"

  2. Try the same on standalone. Notice that it creates a page named "abc def".

Details

this wiki.

Workaround

"don't do that then", I guess.

Discussion

I think the stand-alone server unquotes some things too much. The macro uses GET, and the web browser correctly sends "GET ...abc%2520def".

Here's a patch:

--- orig/MoinMoin/request.py
+++ mod/MoinMoin/request.py
@@ -1470,7 +1470,8 @@
             # Split and unquote path and query string
             import urllib
             if '?' in sa.path:
-                path, query = map(urllib.unquote, sa.path.split('?', 1))
+                path, query = sa.path.split('?', 1)
+                path = urllib.unquote(path)
             else:
                 path, query = urllib.unquote(sa.path), ''
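
Review bot: The comment at the top of this hunk, "# Split and unquote path and query string", is stale after the change: in the '?' branch only path is passed to urllib.unquote and query is left raw. Suggest rewording it to say that the path is unquoted here and the query string stays quoted until it has been split into arguments. The else branch still calls urllib.unquote(sa.path), which is consistent because there is no query string in that case.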

(Debugging hint: I replaced the urllib.unquote function with a function that does the same (calling a saved copy of urllib.unquote) and printed a traceback whenever the unquoted string matched the RE '.*abc.*20def.*')

FWIW, the code I deleted couldn't possibly be correct: imagine a search for the text 'abc&def'. The code above would unquote the '%26' (ampersand) before the arguments were split, so afterwards the query string would be split at the '&' that was supposed to be part of an argument.
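
The ordering problem described above, as an added example that is not part of the original report or of MoinMoin's code: it compares unquoting the query before splitting with splitting first and decoding each argument once. It assumes Python 3 (where `urllib.unquote` is `urllib.parse.unquote`); the request targets, parameter names and the `parse_args` helper are constructed for illustration.

```python
from urllib.parse import unquote  # Python 3 location of urllib.unquote


def parse_args(query):
    """Split on '&' and '=' first, then decode each name and value once."""
    args = {}
    for field in query.split('&'):
        if not field:
            continue
        name, _, value = field.partition('=')
        args[unquote(name)] = unquote(value)
    return args


def unquote_then_split(target):
    """Pre-patch order: path and query are both unquoted before parsing."""
    if '?' in target:
        path, query = map(unquote, target.split('?', 1))
    else:
        path, query = unquote(target), ''
    return path, parse_args(query)


def split_then_unquote(target):
    """Patched order: only the path is unquoted; the query stays raw."""
    if '?' in target:
        path, query = target.split('?', 1)
        path = unquote(path)
    else:
        path, query = unquote(target), ''
    return path, parse_args(query)


# Constructed request targets; the parameter names are hypothetical.
NEWPAGE = '/Some%20Page?action=edit&pagename=abc%2520def'
SEARCH = '/FindPage?value=abc%26def&context=40'

if __name__ == '__main__':
    for target in (NEWPAGE, SEARCH):
        print(target)
        print('  unquote first:', unquote_then_split(target))
        print('  split first:  ', split_then_unquote(target))
```

With the query unquoted early, the page name is decoded twice and the search value is cut at the decoded ampersand, leaving a stray `def` argument.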

TODO

Tested this test case on twisted, cgi, modpy and fastcgi, all fine. This is a standalone-specific bug. -- NirSoffer 2005-02-10 23:01:02

Plan


CategoryMoinMoinBugFixed CategoryRelease1.3.4

MoinMoin: MoinMoinBugs/StandaloneUnquotesTooMuch (last edited 2007-10-29 19:11:35 by localhost)