From 6406338d47034d3d2e6678bdbdafafa6a6e35b2c Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Wed, 11 Nov 2020 19:24:29 +0100
Subject: [PATCH] Do not split query strings on `;` anymore.

Using `;` as a separator instead of `&` was allowed a long time ago,
but is now obsolete and actually invalid according to the 2014 W3C
recommendations. Even if this change is technically backwards-incompatible,
no real-world application should depend on broken behavior. If you REALLY
need this functionality, monkey-patch the _parse_qsl() function.

Upstream-commit: 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 bottle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bottle.py b/bottle.py
index 250a925..94fe8a6 100644
--- a/bottle.py
+++ b/bottle.py
@@ -2576,7 +2576,7 @@ def parse_range_header(header, maxlen=0):
 
 def _parse_qsl(qs):
     r = []
-    for pair in qs.replace(';','&').split('&'):
+    for pair in qs.split('&'):
         if not pair: continue
         nv = pair.split('=', 1)
         if len(nv) != 2: nv.append('')
-- 
2.26.3