Ubuntu
python-werkzeug package

merge_slashes is not handled properly

Bug #2066041 reported by Monniez Christophe on 2024-05-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-werkzeug (Ubuntu)	New	Undecided	Unassigned

Bug Description

lsb_release:
Description: Ubuntu 24.04 LTS
Release: 24.04

When a request has repeated slashes and the merge_slashes parameter is set to False on the Map the slashes are merged and it returns a redirect response instead of a 404 not found.

This bug is know in the upstream: https://github.com/pallets/werkzeug/issues/2834
And is fixed here : https://github.com/pallets/werkzeug/pull/2860

The upstream versions affected are 2.2.0 up to 3.0.1

Fixed in 3.0.2

Here is a small snippet of code to reproduce:

>>> from werkzeug import routing
>>> url_map = routing.Map([routing.Rule("/url/bad", endpoint="nowhere", merge_slashes=False),])
>>> x = url_map.bind("localhost", "/")
>>> x.match("/url//bad")
('nowhere', {})

But it should result in a Traceback with
werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

Thanks

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupython-werkzeug package

merge_slashes is not handled properly

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
python-werkzeug package