[Zope-Checkins] SVN: Zope/branches/2.13/ LP #930812: Scrub headers a bit more.

Hanno Schlichting cvs-admin at zope.org
Sun Oct 14 12:43:46 UTC 2012


Log message for revision 127997:
  LP #930812: Scrub headers a bit more.
  

Changed:
  U   Zope/branches/2.13/doc/CHANGES.rst
  U   Zope/branches/2.13/src/ZPublisher/HTTPResponse.py
  U   Zope/branches/2.13/src/ZPublisher/tests/testHTTPResponse.py

-=-
Modified: Zope/branches/2.13/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.13/doc/CHANGES.rst	2012-10-14 12:38:50 UTC (rev 127996)
+++ Zope/branches/2.13/doc/CHANGES.rst	2012-10-14 12:43:43 UTC (rev 127997)
@@ -8,6 +8,8 @@
 2.13.19 (unreleased)
 --------------------
 
+- LP #930812: Scrub headers a bit more.
+
 - Updated distributions:
 
   - tempstorage = 2.12.2
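
Review bot: the new changelog line "LP #930812: Scrub headers a bit more." does not tell a reader of the release notes what behaviour changed. Suggest saying that a bare LF, as well as CR, is now stripped from response header names and values, so that operators can recognise this as a header-injection hardening fix when deciding whether to upgrade.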

Modified: Zope/branches/2.13/src/ZPublisher/HTTPResponse.py
===================================================================
--- Zope/branches/2.13/src/ZPublisher/HTTPResponse.py	2012-10-14 12:38:50 UTC (rev 127996)
+++ Zope/branches/2.13/src/ZPublisher/HTTPResponse.py	2012-10-14 12:43:43 UTC (rev 127997)
@@ -128,7 +128,7 @@
 if otherTypes:
     uncompressableMimeMajorTypes += tuple(otherTypes.split(','))
 
-_CRLF = re.compile(r'\r[\n]?')
+_CRLF = re.compile(r'[\r\n]')
 
 def _scrubHeader(name, value):
     return ''.join(_CRLF.split(str(name))), ''.join(_CRLF.split(str(value)))
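
Review bot: with `_CRLF = re.compile(r'[\r\n]')`, `_scrubHeader` still only deletes the line break and joins the remaining pieces, so any text that followed the newline stays in the header name or value as one concatenated string. That prevents a second header line from being emitted, but the altered value goes out with no signal that input was modified; consider logging or rejecting values that contained CR or LF. Minor: the name `_CRLF` now matches a single CR or LF rather than a CRLF sequence, and `_CRLF.sub('', ...)` would state the removal more directly than `''.join(_CRLF.split(...))`.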

Modified: Zope/branches/2.13/src/ZPublisher/tests/testHTTPResponse.py
===================================================================
--- Zope/branches/2.13/src/ZPublisher/tests/testHTTPResponse.py	2012-10-14 12:38:50 UTC (rev 127996)
+++ Zope/branches/2.13/src/ZPublisher/tests/testHTTPResponse.py	2012-10-14 12:43:43 UTC (rev 127997)
@@ -431,6 +431,15 @@
                          ('Set-Cookie',
                           'violation="http://www.ietf.org/rfc/rfc2616.txt"')])
 
+    def test_setHeader_drops_LF(self):
+        # Some browsers accept \n in place of \n\r to separate headers,
+        # so we scrub it too.
+        response = self._makeOne()
+        response.setHeader('Location',
+                           'http://www.ietf.org/rfc/\nrfc2616.txt')
+        self.assertEqual(response.headers['location'],
+                         'http://www.ietf.org/rfc/rfc2616.txt')
+
     def test_appendHeader_no_existing(self):
         response = self._makeOne()
         response.appendHeader('foo', 'foo')
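
Review bot: the comment in `test_setHeader_drops_LF` says "\n in place of \n\r", but the header line terminator is CR followed by LF, so it should read `\r\n`. The test also exercises only an LF inside a value passed to `setHeader`; since `_scrubHeader` cleans both name and value, add a case with `\n` in the header name and one with a lone `\r`, so that both members of the new `[\r\n]` class are pinned down by the suite.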


