1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From: Federico Ceratto <federico@debian.org>
Subject: Fix string type bug introduced with the CVE-2016-9964 patch
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850176
Bug: https://github.com/bottlepy/bottle/issues/923
Origin: vendor
Forwarded: no
--- a/bottle.py
+++ b/bottle.py
@@ -1402,7 +1402,7 @@
def _hval(value):
- value = value if isinstance(value, unicode) else str(value)
+ value = tonat(value)
if '\n' in value or '\r' in value or '\0' in value:
raise ValueError("Header value must not contain control characters: %r" % value)
return value
--- a/test/test_environ.py
+++ b/test/test_environ.py
@@ -646,6 +646,8 @@
self.assertEqual('5', response['x-test'])
response['x-test'] = None
self.assertEqual('None', response['x-test'])
+ response['x-test'] = touni('瓶')
+ self.assertEqual(tonat(touni('瓶')), response['x-test'])
def test_expires_header(self):
import datetime
|
