diff options
author | Braedon Vickers <braedon.vickers@gmail.com> | 2020-09-28 13:31:58 +0800 |
---|---|---|
committer | Marcel Hellkamp <marc@gsites.de> | 2020-12-31 16:40:09 +0100 |
commit | 4ba312fa335b67406890454eb57f20f5051387ae (patch) | |
tree | 9f6aa6d13ba11460ba53d8ccfab78a898851ed07 | |
parent | cf53eabff29edf3f5486c551fb3e6a510e641a29 (diff) | |
download | bottle-4ba312fa335b67406890454eb57f20f5051387ae.tar.gz |
Don't mutate headers dict passed into static_file()
Mutating the passed in dict can produce unexpected results if the caller
re-uses the dict, e.g. uses the same set of headers for multiple files.
-rwxr-xr-x | bottle.py | 2 | ||||
-rwxr-xr-x | test/test_sendfile.py | 10 |
2 files changed, 11 insertions, 1 deletions
@@ -2878,7 +2878,7 @@ def static_file(filename, root, root = os.path.join(os.path.abspath(root), '') filename = os.path.abspath(os.path.join(root, filename.strip('/\\'))) - headers = headers or {} + headers = headers.copy() if headers else {} if not filename.startswith(root): return HTTPError(403, "Access denied.") diff --git a/test/test_sendfile.py b/test/test_sendfile.py index 622d992..d6693c2 100755 --- a/test/test_sendfile.py +++ b/test/test_sendfile.py @@ -142,3 +142,13 @@ class TestSendFile(unittest.TestCase): self.assertEqual([(10, 100)], r('bytes=10-')) self.assertEqual([(5, 11)], r('bytes=5-10')) self.assertEqual([(10, 100), (90, 100), (5, 11)], r('bytes=10-,-10,5-10')) + + def test_custom_headers(self): + """ SendFile: Custom headers """ + headers = {'X-Custom-Header': 'test-value'} + headers_orig = headers.copy() + res = static_file(basename, root=root, headers=headers) + self.assertTrue('X-Custom-Header' in res.headers) + self.assertEqual('test-value', res.headers['X-Custom-Header']) + # Check the passed in headers dict isn't modified. + self.assertEqual(headers_orig, headers) |