File 0001_Do_not_split_query_strings_on_semicolon_anymore.patch of Package python-bottle.18254
From 57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp <marc@gsites.de>
Date: Wed, 11 Nov 2020 19:24:29 +0100
Subject: [PATCH] Do not split query strings on `;` anymore.
Using `;` as a separator instead of `&` was allowed a long time ago,
but is now obsolete and actually invalid according to the 2014 W3C
recommendations. Even if this change is technically backwards-incompatible,
no real-world application should depend on broken behavior. If you REALLY
need this functionality, monkey-patch the _parse_qsl() function.
---
bottle.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bottle.py b/bottle.py
index bcfc5e62..417b01b9 100644
--- a/bottle.py
+++ b/bottle.py
@@ -2585,7 +2585,7 @@ def parse_range_header(header, maxlen=0):
def _parse_qsl(qs):
r = []
- for pair in qs.replace(';','&').split('&'):
+ for pair in qs.split('&'):
if not pair: continue
nv = pair.split('=', 1)
if len(nv) != 2: nv.append('')