34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
|
From 6406338d47034d3d2e6678bdbdafafa6a6e35b2c Mon Sep 17 00:00:00 2001
|
||
|
|
From: Marcel Hellkamp <marc@gsites.de>
|
||
|
|
Date: Wed, 11 Nov 2020 19:24:29 +0100
|
||
|
|
Subject: [PATCH] Do not split query strings on `;` anymore.
|
||
|
|
|
||
|
|
Using `;` as a separator instead of `&` was allowed a long time ago,
|
||
|
|
but is now obsolete and actually invalid according to the 2014 W3C
|
||
|
|
recommendations. Even if this change is technically backwards-incompatible,
|
||
|
|
no real-world application should depend on broken behavior. If you REALLY
|
||
|
|
need this functionality, monkey-patch the _parse_qsl() function.
|
||
|
|
|
||
|
|
Upstream-commit: 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b
|
||
|
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||
|
|
---
|
||
|
|
bottle.py | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/bottle.py b/bottle.py
|
||
|
|
index 250a925..94fe8a6 100644
|
||
|
|
--- a/bottle.py
|
||
|
|
+++ b/bottle.py
|
||
|
|
@@ -2576,7 +2576,7 @@ def parse_range_header(header, maxlen=0):
|
||
|
|
|
||
|
|
def _parse_qsl(qs):
|
||
|
|
r = []
|
||
|
|
- for pair in qs.replace(';','&').split('&'):
|
||
|
|
+ for pair in qs.split('&'):
|
||
|
|
if not pair: continue
|
||
|
|
nv = pair.split('=', 1)
|
||
|
|
if len(nv) != 2: nv.append('')
|
||
|
|
--
|
||
|
|
2.26.3
|
||
|
|
|