Commit 3858283d authored by Hanno Schlichting's avatar Hanno Schlichting

- LP #930812: Scrub headers a bit more.

parent 90acba55
...@@ -128,7 +128,7 @@ otherTypes = os.environ.get('DONT_GZIP_MAJOR_MIME_TYPES','').lower() ...@@ -128,7 +128,7 @@ otherTypes = os.environ.get('DONT_GZIP_MAJOR_MIME_TYPES','').lower()
if otherTypes: if otherTypes:
uncompressableMimeMajorTypes += tuple(otherTypes.split(',')) uncompressableMimeMajorTypes += tuple(otherTypes.split(','))
_CRLF = re.compile(r'\r[\n]?') _CRLF = re.compile(r'[\r\n]')
def _scrubHeader(name, value): def _scrubHeader(name, value):
return ''.join(_CRLF.split(str(name))), ''.join(_CRLF.split(str(value))) return ''.join(_CRLF.split(str(name))), ''.join(_CRLF.split(str(value)))
......
...@@ -409,6 +409,15 @@ class HTTPResponseTests(unittest.TestCase): ...@@ -409,6 +409,15 @@ class HTTPResponseTests(unittest.TestCase):
self.assertEqual(response.headers['location'], self.assertEqual(response.headers['location'],
'http://www.ietf.org/rfc/rfc2616.txt') 'http://www.ietf.org/rfc/rfc2616.txt')
def test_setHeader_drops_LF(self):
# Some browsers accept \n in place of \n\r to separate headers,
# so we scrub it too.
response = self._makeOne()
response.setHeader('Location',
'http://www.ietf.org/rfc/\nrfc2616.txt')
self.assertEqual(response.headers['location'],
'http://www.ietf.org/rfc/rfc2616.txt')
def test_appendHeader_no_existing(self): def test_appendHeader_no_existing(self):
response = self._makeOne() response = self._makeOne()
response.appendHeader('foo', 'foo') response.appendHeader('foo', 'foo')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment