Merged in ls_/paste (pull request #20)

Escape CGI environment variables in HTTP 404 responses
author: Marc Abramowitz <marc@marc-abramowitz.com> 2015-05-11 07:47:19 -0700
committer: Marc Abramowitz <marc@marc-abramowitz.com> 2015-05-11 07:47:19 -0700
commit: 5e790765f55c9240d8f18136f73a17bace959192 (patch)
tree: 3ecbd4a94d8dc23b620b817035f84c4fbb907e63 /paste
parent: 12752fc39a9372901b0db69c9a784c2778be90e0 (diff)
parent: 0e9b733bff40d284ea77a29a7c7ef82b960bd4b1 (diff)
download: paste-git-5e790765f55c9240d8f18136f73a17bace959192.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/paste/urlmap.py b/paste/urlmap.py
index 59b0336..f721f2d 100644
--- a/paste/urlmap.py
+++ b/paste/urlmap.py
@@ -114,9 +114,9 @@ class URLMap(DictMixin):
                 ',\n  '.join(map(repr, matches)))
         else:
             extra = ''
-        extra += '\nSCRIPT_NAME: %r' % environ.get('SCRIPT_NAME')
-        extra += '\nPATH_INFO: %r' % environ.get('PATH_INFO')
-        extra += '\nHTTP_HOST: %r' % environ.get('HTTP_HOST')
+        extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME'))
+        extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO'))
+        extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST'))
         app = httpexceptions.HTTPNotFound(
             environ['PATH_INFO'],
             comment=cgi.escape(extra)).wsgi_application
author	Marc Abramowitz <marc@marc-abramowitz.com>	2015-05-11 07:47:19 -0700
committer	Marc Abramowitz <marc@marc-abramowitz.com>	2015-05-11 07:47:19 -0700
commit	5e790765f55c9240d8f18136f73a17bace959192 (patch)
tree	3ecbd4a94d8dc23b620b817035f84c4fbb907e63 /paste
parent	12752fc39a9372901b0db69c9a784c2778be90e0 (diff)
parent	0e9b733bff40d284ea77a29a7c7ef82b960bd4b1 (diff)
download	paste-git-5e790765f55c9240d8f18136f73a17bace959192.tar.gz