summaryrefslogtreecommitdiff
path: root/paste/urlmap.py
diff options
context:
space:
mode:
authorKaan Kivilcim <contact@kaankivilcim.com>2014-08-25 15:31:28 +1000
committerKaan Kivilcim <contact@kaankivilcim.com>2014-08-25 15:31:28 +1000
commite43fede756b1728e47462fe89bdf35c99c21778c (patch)
treea8bee1b2e8bbed3319d8f177937342bb847b2935 /paste/urlmap.py
parent4c177fce89fee925f0f4fbfde00ce2e1252562c0 (diff)
downloadpaste-e43fede756b1728e47462fe89bdf35c99c21778c.tar.gz
Escape CGI environment variables in HTTP 404 responses
Diffstat (limited to 'paste/urlmap.py')
-rw-r--r--paste/urlmap.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/paste/urlmap.py b/paste/urlmap.py
index 59b0336..f721f2d 100644
--- a/paste/urlmap.py
+++ b/paste/urlmap.py
@@ -114,9 +114,9 @@ class URLMap(DictMixin):
',\n '.join(map(repr, matches)))
else:
extra = ''
- extra += '\nSCRIPT_NAME: %r' % environ.get('SCRIPT_NAME')
- extra += '\nPATH_INFO: %r' % environ.get('PATH_INFO')
- extra += '\nHTTP_HOST: %r' % environ.get('HTTP_HOST')
+ extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME'))
+ extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO'))
+ extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST'))
app = httpexceptions.HTTPNotFound(
environ['PATH_INFO'],
comment=cgi.escape(extra)).wsgi_application