Why exception from os.path.exists()?
On Thu, Jun 7, 2018 at 10:18 PM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> On Thu, 07 Jun 2018 13:47:07 +0300, Marko Rauhamaa wrote:
>> Chris Angelico <rosuav at gmail.com>:
>>> On Thu, Jun 7, 2018 at 7:29 PM, Marko Rauhamaa <marko at pacujo.net>
>>>> 3. http://localhost:8000/te%00st.html
>>>> => The server crashes with a ValueError and the TCP connection is
>>> Actually, I couldn't even get Chrome to make that request, so it
>>> obviously was considered by the browser to be invalid.
>> Wow! Why on earth?
> It works in Firefox, but Apache truncates the URL:
> Not Found
> The requested URL /te was not found on this server.
> instead of te%00st.html
> I wonder how many publicly facing web servers can be induced to either
> crash, or serve the wrong content, this way?
Define "serve the wrong content". You could get the exact same content
by asking for "te" instead of "te%00st.html"; what you've done is not
significantly different from this:
Is that a security problem too?