author | Kaan Kivilcim <contact@kaankivilcim.com> | 2014-08-25 15:31:28 +1000 |
---|---|---|
committer | Kaan Kivilcim <contact@kaankivilcim.com> | 2014-08-25 15:31:28 +1000 |
commit | e43fede756b1728e47462fe89bdf35c99c21778c (patch) | |
tree | a8bee1b2e8bbed3319d8f177937342bb847b2935 /paste/urlmap.py | |
parent | 4c177fce89fee925f0f4fbfde00ce2e1252562c0 (diff) | |
Escape CGI environment variables in HTTP 404 responses
Diffstat (limited to 'paste/urlmap.py')
-rw-r--r-- | paste/urlmap.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/paste/urlmap.py b/paste/urlmap.py
index 59b0336..f721f2d 100644
--- a/paste/urlmap.py
+++ b/paste/urlmap.py
@@ -114,9 +114,9 @@ class URLMap(DictMixin):
 ',\n '.join(map(repr, matches)))
 else:
 extra = ''
- extra += '\nSCRIPT_NAME: %r' % environ.get('SCRIPT_NAME')
- extra += '\nPATH_INFO: %r' % environ.get('PATH_INFO')
- extra += '\nHTTP_HOST: %r' % environ.get('HTTP_HOST')
+ extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME'))
+ extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO'))
+ extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST'))
 app = httpexceptions.HTTPNotFound(
 environ['PATH_INFO'],
 comment=cgi.escape(extra)).wsgi_application |
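Review bot: The three added lines pass `environ.get(...)` straight into `cgi.escape`, which raises on `None`, so a request with no Host header (or a server that omits SCRIPT_NAME) would turn this 404 into a 500, where the old `%r` formatting tolerated `None`. Defaulting to an empty string avoids that, e.g. `extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST', ''))`, and likewise for the other two keys. `extra` is also escaped a second time by the `comment=cgi.escape(extra)` context line, so these values come out double-escaped (`&` becomes `&amp;amp;`); escaping in one place only would keep the comment readable. The first argument `environ['PATH_INFO']` is still passed raw, and whether HTTPNotFound escapes it before rendering is not visible in this hunk, so that is worth confirming. The enclosing method starts and ends outside the hunk.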