# HG changeset patch # User Gregory Szorc # Date 2018-03-08 17:44:27 # Node ID 8e1556ac01bb88e7925fe079338bd3ad61f4d795 # Parent 7fc80c98265618fc815f3ec72affdd65e71569a4 hgweb: validate WSGI environment dict The wsgiref.validate module contains useful functions for validating that various WSGI data structures are proper. This commit adds validation of the environment dict to our built-in HTTP server, which turns an HTTP request into an environment dict. The check discovered that we weren't always setting QUERY_STRING, which would cause the cgi module to fall back to sys.argv. So we change things to always set QUERY_STRING. The check passes on Python 2 and 3. Differential Revision: https://phab.mercurial-scm.org/D2731 diff --git a/mercurial/hgweb/server.py b/mercurial/hgweb/server.py --- a/mercurial/hgweb/server.py +++ b/mercurial/hgweb/server.py @@ -13,6 +13,7 @@ import os import socket import sys import traceback +import wsgiref.validate from ..i18n import _ @@ -128,8 +129,7 @@ class _httprequesthandler(httpservermod. env[r'PATH_INFO'] = pycompat.sysstr(path[len(self.server.prefix):]) env[r'REMOTE_HOST'] = self.client_address[0] env[r'REMOTE_ADDR'] = self.client_address[0] - if query: - env[r'QUERY_STRING'] = query + env[r'QUERY_STRING'] = query or r'' if pycompat.ispy3: if self.headers.get_content_type() is None: @@ -166,6 +166,8 @@ class _httprequesthandler(httpservermod. socketserver.ForkingMixIn) env[r'wsgi.run_once'] = 0 + wsgiref.validate.check_environ(env) + self.saved_status = None self.saved_headers = [] self.length = None