1. anatoly techtonik
  2. http.server-patches

Source

http.server-patches / 9272.CGIHTTPServer-poisons-os.environ.patch

# HG changeset patch
# Parent 131b45a57b05c71965b164752baf8a4a810a56cd
do not allow CGIHTTPServer to meddle with parent os.environ

diff -r 131b45a57b05 Lib/CGIHTTPServer.py
--- a/Lib/CGIHTTPServer.py	Thu Jul 15 20:48:37 2010 +0300
+++ b/Lib/CGIHTTPServer.py	Fri Jul 16 11:51:47 2010 +0300
@@ -29,6 +29,7 @@
 import BaseHTTPServer
 import SimpleHTTPServer
 import select
+import copy
 
 
 class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@@ -154,7 +155,7 @@
 
         # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
         # XXX Much of the following could be prepared ahead of time!
-        env = {}
+        env = copy.deepcopy(os.environ)
         env['SERVER_SOFTWARE'] = self.version_string()
         env['SERVER_NAME'] = self.server.server_name
         env['GATEWAY_INTERFACE'] = 'CGI/1.1'
@@ -216,7 +217,6 @@
         for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
                   'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
             env.setdefault(k, "")
-        os.environ.update(env)
 
         self.send_response(200, "Script output follows")
 
@@ -248,7 +248,7 @@
                     pass
                 os.dup2(self.rfile.fileno(), 0)
                 os.dup2(self.wfile.fileno(), 1)
-                os.execve(scriptfile, args, os.environ)
+                os.execve(scriptfile, args, env)
             except:
                 self.server.handle_error(self.request, self.client_address)
                 os._exit(127)
@@ -274,7 +274,8 @@
             p = subprocess.Popen(cmdline,
                                  stdin = subprocess.PIPE,
                                  stdout = subprocess.PIPE,
-                                 stderr = subprocess.PIPE
+                                 stderr = subprocess.PIPE,
+                                 env = env
                                 )
             if self.command.lower() == "post" and nbytes > 0:
                 data = self.rfile.read(nbytes)