Force simple_httpclient in path traversal test.

This fails with recent versions of libcurl because curl now processes ".." on the client side.
2015-10-03 11:40:22 -04:00 · 2015-10-03 11:40:22 -04:00 · 50665e0f81
parent fe02b565fc
commit 50665e0f81
1 changed files with 4 additions and 0 deletions
--- a/tornado/test/web_test.py
+++ b/tornado/test/web_test.py
@ -1197,6 +1197,10 @@ class StaticFileTest(WebTestCase):
        self.assertEqual(response.code, 404)

    def test_path_traversal_protection(self):
+        # curl_httpclient processes ".." on the client side, so we
+        # must test this with simple_httpclient.
+        self.http_client.close()
+        self.http_client = SimpleAsyncHTTPClient()
        with ExpectLog(gen_log, ".*not in root static directory"):
            response = self.get_and_head('/static/../static_foo.txt')
        # Attempted path traversal should result in 403, not 200