Module: check_mk
Branch: master
Commit: a9bd04fa333a16e3f48cac42b22b0d7cd1d0da30
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a9bd04fa333a16…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Oct 22 08:10:43 2019 +0200
Fixed processing of HTTP vars with equal sign in name
This issue was introduced during some internal cleanups where the
valid characters for variable names have been made stricter. This
disallowed base64 encoded parts in the names which is now possible
again.
This is used at least on the user edit dialog and the service discovery
page.
Change-Id: Ia896b7f9a88f91bce806ff178d9a13744339b6a9
---
cmk/gui/http.py | 2 +-
tests/unit/cmk/gui/test_http.py | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/cmk/gui/http.py b/cmk/gui/http.py
index 9d98f90..cd30716 100644
--- a/cmk/gui/http.py
+++ b/cmk/gui/http.py
@@ -83,7 +83,7 @@ class Request(object):
# alphanumeric characters plus any character from set('%*+-._'), which is
probably still a
# bit too broad. We should really figure out what we need and make sure that we
only use
# that restricted set.
- varname_regex = re.compile(r'^[\w.%*+-]+$')
+ varname_regex = re.compile(r'^[\w.%*+=-]+$')
for field in fields.list:
varname = field.name
diff --git a/tests/unit/cmk/gui/test_http.py b/tests/unit/cmk/gui/test_http.py
index 196175d..bcf03d0 100644
--- a/tests/unit/cmk/gui/test_http.py
+++ b/tests/unit/cmk/gui/test_http.py
@@ -2,11 +2,27 @@
# encoding: utf-8
import time
+import io
import cmk.gui.http as http
from cmk.gui.globals import html
+def test_http_request_allowed_vars():
+ wsgi_environ = {
+ # Please note: This is no complete WSGI environment
+ "REQUEST_METHOD" : "POST",
+ # Contains a variable that has a base64 coded value in it's name. This
+ # is done for example on the service discovery page or on the user
+ # editing page.
+ "wsgi.input" :
io.BytesIO("asd=x&_Y21rYWRtaW4%3D=aaa"),
+ "SCRIPT_NAME" : "",
+ "REQUEST_URI" : "",
+ }
+ req = http.Request(wsgi_environ)
+ assert req.var("asd") == "x"
+ assert req.var("_Y21rYWRtaW4=") == "aaa"
+
def test_cookie_handling(register_builtin_html, monkeypatch):
monkeypatch.setattr(html.request, "cookies", {"cookie1":
{"key": "1a"}})
assert html.request.get_cookie_names() == ["cookie1"]