[Bug 2066041] [NEW] merge_slashes is not handled properly

Monniez Christophe 2066041 at bugs.launchpad.net
Fri May 17 12:35:48 UTC 2024 

Public bug reported:

lsb_release:
Description:	Ubuntu 24.04 LTS
Release:	24.04

When a request has repeated slashes and the merge_slashes parameter is
set to False on the Map the slashes are merged and it returns a redirect
response instead of a 404 not found.

This bug is know in the upstream: https://github.com/pallets/werkzeug/issues/2834
And is fixed here : https://github.com/pallets/werkzeug/pull/2860

The upstream versions affected are 2.2.0 up to 3.0.1

Fixed in 3.0.2

Here is a small snippet of code to reproduce:

>>> from werkzeug import routing
>>> url_map = routing.Map([routing.Rule("/url/bad", endpoint="nowhere", merge_slashes=False),])
>>> x = url_map.bind("localhost", "/")
>>> x.match("/url//bad")
('nowhere', {})

But it should result in a Traceback with
werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.


Thanks

** Affects: python-werkzeug (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-werkzeug in Ubuntu.
https://bugs.launchpad.net/bugs/2066041

Title:
  merge_slashes is not handled properly

Status in python-werkzeug package in Ubuntu:
  New

Bug description:
  lsb_release:
  Description:	Ubuntu 24.04 LTS
  Release:	24.04

  When a request has repeated slashes and the merge_slashes parameter is
  set to False on the Map the slashes are merged and it returns a
  redirect response instead of a 404 not found.

  This bug is know in the upstream: https://github.com/pallets/werkzeug/issues/2834
  And is fixed here : https://github.com/pallets/werkzeug/pull/2860

  The upstream versions affected are 2.2.0 up to 3.0.1

  Fixed in 3.0.2

  Here is a small snippet of code to reproduce:

  >>> from werkzeug import routing
  >>> url_map = routing.Map([routing.Rule("/url/bad", endpoint="nowhere", merge_slashes=False),])
  >>> x = url_map.bind("localhost", "/")
  >>> x.match("/url//bad")
  ('nowhere', {})

  But it should result in a Traceback with
  werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

  
  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-werkzeug/+bug/2066041/+subscriptions

More information about the foundations-bugs mailing list