From 50665e0f81865343ec00524ac944219e4ddb528f Mon Sep 17 00:00:00 2001
From: Ben Darnell <ben@bendarnell.com>
Date: Sat, 3 Oct 2015 11:40:22 -0400
Subject: [PATCH] Force simple_httpclient in path traversal test.

This fails with recent versions of libcurl because curl now processes
".." on the client side.
---
 tornado/test/web_test.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tornado/test/web_test.py b/tornado/test/web_test.py
index f04db959..561bad3e 100644
--- a/tornado/test/web_test.py
+++ b/tornado/test/web_test.py
@@ -1197,6 +1197,10 @@ class StaticFileTest(WebTestCase):
         self.assertEqual(response.code, 404)
 
     def test_path_traversal_protection(self):
+        # curl_httpclient processes ".." on the client side, so we
+        # must test this with simple_httpclient.
+        self.http_client.close()
+        self.http_client = SimpleAsyncHTTPClient()
         with ExpectLog(gen_log, ".*not in root static directory"):
             response = self.get_and_head('/static/../static_foo.txt')
         # Attempted path traversal should result in 403, not 200