File: CVE-2024-1681.patch

python-flask-cors 3.0.10-2+deb12u1
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 548 kB
  • sloc: python: 1,791; makefile: 138; sh: 17
file content (29 lines) | stat: -rw-r--r-- 1,468 bytes
From: =?utf-8?q?Anes_Hujevi=C4=87?= <anes1996_h@hotmail.com>
Date: Sat, 4 May 2024 21:28:47 +0200
Subject: Update extension.py to clean request.path before logging it (#351)

* Update extension.py to use string format specifier for cleaning request.path

Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630
Bug: https://github.com/corydolphin/flask-cors/issues/349
Bug-Debian: https://bugs.debian.org/1069764
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-1681
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2024-1681
---
 flask_cors/extension.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index cfeca73..77cf47d 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -180,7 +180,7 @@ def make_after_request_function(resources):
         normalized_path = unquote_plus(request.path)
         for res_regex, res_options in resources:
             if try_match(normalized_path, res_regex):
-                LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+                LOG.debug("Request to '%r' matches CORS resource '%s'. Using options: %s",
                       request.path, get_regexp_pattern(res_regex), res_options)
                 set_cors_headers(resp, res_options)
                 break
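
Review bot: In the changed `LOG.debug` format string, `'%r'` is still wrapped in the literal single quotes left over from `'%s'`, so the path is logged with doubled quoting, because `%r` already emits the repr with its own quotes. Suggest dropping the literal quotes around it: `"Request to %r matches CORS resource '%s'. Using options: %s"`. It is the repr escaping of control characters such as CR and LF in `request.path` that keeps the value on a single log line, so a one-line comment above the call saying that would keep a later cleanup from switching it back to `%s`.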