D2731: hgweb: validate WSGI environment dict

[indygreg (Gregory Szorc)]

indygreg created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  The wsgiref.validate module contains useful functions for validating
  that various WSGI data structures are proper.
  
  This commit adds validation of the environment dict to our built-in
  HTTP server, which turns an HTTP request into an environment dict.
  
  The check discovered that we weren't always setting QUERY_STRING,
  which would cause the cgi module to fall back to sys.argv. So we
  change things to always set QUERY_STRING.
  
  The check passes on Python 2 and 3.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D2731

AFFECTED FILES
  mercurial/hgweb/server.py

CHANGE DETAILS

diff --git a/mercurial/hgweb/server.py b/mercurial/hgweb/server.py
--- a/mercurial/hgweb/server.py
+++ b/mercurial/hgweb/server.py
@@ -13,6 +13,7 @@
 import socket
 import sys
 import traceback
+import wsgiref.validate
 
 from ..i18n import _
 
@@ -128,8 +129,7 @@
         env[r'PATH_INFO'] = pycompat.sysstr(path[len(self.server.prefix):])
         env[r'REMOTE_HOST'] = self.client_address[0]
         env[r'REMOTE_ADDR'] = self.client_address[0]
-        if query:
-            env[r'QUERY_STRING'] = query
+        env[r'QUERY_STRING'] = query or r''
 
         if pycompat.ispy3:
             if self.headers.get_content_type() is None:
@@ -166,6 +166,8 @@
                                               socketserver.ForkingMixIn)
         env[r'wsgi.run_once'] = 0
 
+        wsgiref.validate.check_environ(env)
+
         self.saved_status = None
         self.saved_headers = []
         self.length = None



To: indygreg, #hg-reviewers
Cc: mercurial-devel