diff options
| author | David Lord <davidism@gmail.com> | 2019-04-01 18:31:58 -0700 |
|---|---|---|
| committer | David Lord <davidism@gmail.com> | 2019-04-01 18:31:58 -0700 |
| commit | f312def79fbbcb368567ce56ed53bcc89b82faef (patch) | |
| tree | 2f3f9933a646b6f3f8bf709de6746063e5406fcf | |
| parent | d3dc03276da13e0b25834318fbbe8bc6ca4e58b5 (diff) | |
| download | werkzeug-test-environ-copy.tar.gz | |
test client copies environ passed to apptest-environ-copy
| -rw-r--r-- | CHANGES.rst | 3 | ||||
| -rw-r--r-- | src/werkzeug/test.py | 2 | ||||
| -rw-r--r-- | tests/test_test.py | 20 |
3 files changed, 24 insertions, 1 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 17a94dc0..fc02c765 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -12,6 +12,9 @@ Unreleased cookies. This fixes an issue introduced in 0.15.0 where the cookies from the original request were used for redirects, causing functions such as logout to fail. (:issue:`1491`) +- The test client copies the environ before passing it to the app, to + prevent in-place modifications from affecting redirect requests. + (:issue:`1498`) Version 0.15.1 diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index f83bd3d6..3c9fae61 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -990,7 +990,7 @@ class Client(object): finally: builder.close() - response = self.run_wsgi_app(environ, buffered=buffered) + response = self.run_wsgi_app(environ.copy(), buffered=buffered) # handle redirects redirect_chain = [] diff --git a/tests/test_test.py b/tests/test_test.py index 38b59807..d40aa54e 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -32,6 +32,7 @@ from werkzeug.utils import redirect from werkzeug.wrappers import BaseResponse from werkzeug.wrappers import Request from werkzeug.wrappers import Response +from werkzeug.wsgi import pop_path_info def cookie_app(environ, start_response): @@ -544,6 +545,25 @@ def test_cookie_across_redirect(): assert c.get("/").data == b"out" +def test_redirect_mutate_environ(): + @Request.application + def app(request): + if request.path == "/first": + return redirect("/prefix/second") + + return Response(request.path) + + def middleware(environ, start_response): + # modify the environ in place, shouldn't propagate to redirect request + pop_path_info(environ) + return app(environ, start_response) + + c = Client(middleware, Response) + rv = c.get("/prefix/first", follow_redirects=True) + # if modified environ was used by client, this would be / + assert rv.data == b"/second" + + def test_path_info_script_name_unquoting(): def test_app(environ, start_response): start_response("200 OK", [("Content-Type", "text/plain")]) |