From: Ben Darnell <ben@bendarnell.com>
Date: Sat, 3 Oct 2015 15:40:22 +0000 (-0400)
Subject: Force simple_httpclient in path traversal test.
X-Git-Tag: v4.3.0b1~10^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50665e0f81865343ec00524ac944219e4ddb528f;p=thirdparty%2Ftornado.git

Force simple_httpclient in path traversal test.

This fails with recent versions of libcurl because curl now processes
".." on the client side.
---

diff --git a/tornado/test/web_test.py b/tornado/test/web_test.py
index f04db9597..561bad3e5 100644
--- a/tornado/test/web_test.py
+++ b/tornado/test/web_test.py
@@ -1197,6 +1197,10 @@ class StaticFileTest(WebTestCase):
         self.assertEqual(response.code, 404)
 
     def test_path_traversal_protection(self):
+        # curl_httpclient processes ".." on the client side, so we
+        # must test this with simple_httpclient.
+        self.http_client.close()
+        self.http_client = SimpleAsyncHTTPClient()
         with ExpectLog(gen_log, ".*not in root static directory"):
             response = self.get_and_head('/static/../static_foo.txt')
         # Attempted path traversal should result in 403, not 200