From: James Frost Date: Sat, 24 Dec 2022 18:28:59 +0000 (+0000) Subject: gh-100474: Fix handling of dirs named index.html in http.server (GH-100475) X-Git-Tag: v3.12.0a4~131 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46e6a28308def2c3a71c679a6fa4ed7d520802b9;p=thirdparty%2FPython%2Fcpython.git gh-100474: Fix handling of dirs named index.html in http.server (GH-100475) If you had a directory called index.html or index.htm within a directory, it would cause http.server to return a 404 Not Found error instead of the directory listing. This came about due to not checking that the index was a regular file. I have also added a test case for this situation. Automerge-Triggered-By: GH:merwok --- diff --git a/Lib/http/server.py b/Lib/http/server.py index 8acabff605e7..221c8be4ae4b 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -711,7 +711,7 @@ class SimpleHTTPRequestHandler(BaseHTTPRequestHandler): return None for index in self.index_pages: index = os.path.join(path, index) - if os.path.exists(index): + if os.path.isfile(index): path = index break else: diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py index ca078862cca6..cbcf94136ac4 100644 --- a/Lib/test/test_httpservers.py +++ b/Lib/test/test_httpservers.py @@ -489,6 +489,9 @@ class SimpleHTTPServerTestCase(BaseTestCase): self.check_status_and_reason(response, HTTPStatus.NOT_FOUND) response = self.request('/' + 'ThisDoesNotExist' + '/') self.check_status_and_reason(response, HTTPStatus.NOT_FOUND) + os.makedirs(os.path.join(self.tempdir, 'spam', 'index.html')) + response = self.request(self.base_url + '/spam/') + self.check_status_and_reason(response, HTTPStatus.OK) data = b"Dummy index file\r\n" with open(os.path.join(self.tempdir_name, 'index.html'), 'wb') as f: diff --git a/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst b/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst new file mode 100644 index 000000000000..31abfb8b87fb --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-12-23-21-02-43.gh-issue-100474.gppA4U.rst @@ -0,0 +1,2 @@ +:mod:`http.server` now checks that an index page is actually a regular file before trying +to serve it. This avoids issues with directories named ``index.html``.