diff options
author | Marc Abramowitz <marc@marc-abramowitz.com> | 2015-05-11 07:47:19 -0700 |
---|---|---|
committer | Marc Abramowitz <marc@marc-abramowitz.com> | 2015-05-11 07:47:19 -0700 |
commit | 55c7d721d40d133b9e2e93dea2e624b14888f76e (patch) | |
tree | 3ecbd4a94d8dc23b620b817035f84c4fbb907e63 /paste | |
parent | b55de423be025806ccffa948b54bf40061fb7c1f (diff) | |
parent | e43fede756b1728e47462fe89bdf35c99c21778c (diff) | |
download | paste-55c7d721d40d133b9e2e93dea2e624b14888f76e.tar.gz |
Merged in ls_/paste (pull request #20)
Escape CGI environment variables in HTTP 404 responses
Diffstat (limited to 'paste')
-rw-r--r-- | paste/urlmap.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/paste/urlmap.py b/paste/urlmap.py index 59b0336..f721f2d 100644 --- a/paste/urlmap.py +++ b/paste/urlmap.py @@ -114,9 +114,9 @@ class URLMap(DictMixin): ',\n '.join(map(repr, matches))) else: extra = '' - extra += '\nSCRIPT_NAME: %r' % environ.get('SCRIPT_NAME') - extra += '\nPATH_INFO: %r' % environ.get('PATH_INFO') - extra += '\nHTTP_HOST: %r' % environ.get('HTTP_HOST') + extra += '\nSCRIPT_NAME: %r' % cgi.escape(environ.get('SCRIPT_NAME')) + extra += '\nPATH_INFO: %r' % cgi.escape(environ.get('PATH_INFO')) + extra += '\nHTTP_HOST: %r' % cgi.escape(environ.get('HTTP_HOST')) app = httpexceptions.HTTPNotFound( environ['PATH_INFO'], comment=cgi.escape(extra)).wsgi_application |