=== modified file 'paste/errordocument.py'
--- paste/errordocument.py 2008-06-13 23:59:22 +0000
+++ paste/errordocument.py 2010-09-24 17:23:33 +0000
@@ -285,7 +285,7 @@
parts = status.split(' ')
try:
code = int(parts[0])
- except ValueError, TypeError:
+ except (ValueError, TypeError):
raise Exception(
'_StatusBasedRedirect middleware '
'received an invalid status code %s'%repr(parts[0])
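Review bot: A non-string `status` is still not covered by this handler, because it fails on `status.split(' ')` above the `try` with an AttributeError. Since `split` always yields strings, `int(parts[0])` can only raise ValueError here, so the TypeError arm is effectively unreachable. If a malformed status from the wrapped application is meant to surface through this message, move the split inside the `try` and use `except (ValueError, TypeError, AttributeError):`. The `raise Exception(` call continues past the end of the hunk.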
=== modified file 'paste/httpexceptions.py'
--- paste/httpexceptions.py 2010-04-20 19:52:41 +0000
+++ paste/httpexceptions.py 2010-09-24 17:23:33 +0000
@@ -77,7 +77,7 @@
from paste.wsgilib import catch_errors_app
from paste.response import has_header, header_value, replace_header
from paste.request import resolve_relative_url
-from paste.util.quoting import strip_html, html_quote, no_quote
+from paste.util.quoting import strip_html, html_quote, no_quote, comment_quote
SERVER_NAME = 'WSGI Server'
TEMPLATE = """\
@@ -212,12 +212,12 @@
def plain(self, environ):
""" text/plain representation of the exception """
- body = self.make_body(environ, strip_html(self.template), no_quote)
+ body = self.make_body(environ, strip_html(self.template), comment_quote)
return ('%s %s\r\n%s\r\n' % (self.code, self.title, body))
def html(self, environ):
""" text/html representation of the exception """
- body = self.make_body(environ, self.template, html_quote, no_quote)
+ body = self.make_body(environ, self.template, html_quote, comment_quote)
return TEMPLATE % {
'title': self.title,
'code': self.code,
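Review bot: In `plain()`, `comment_quote` is passed in the position where `html()` passes `html_quote`, so it appears to become the quoting function for the whole text/plain body rather than for the comment field only. `make_body` is not in the hunk, so this is inferred from the two call sites. A text/plain body has no HTML comment to break out of, so either keep `no_quote` there or record the intent, e.g. `# comment_quote here is defence in depth in case the body is interpreted as HTML`. In `html()` the docstring should state that the visible fields go through `html_quote` and the comment field through `comment_quote`, since the comment is apparently the one value that is not HTML-escaped. The `TEMPLATE % {` expression continues past the end of the hunk.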
=== modified file 'paste/urlmap.py'
--- paste/urlmap.py 2008-06-13 23:59:22 +0000
+++ paste/urlmap.py 2010-09-24 17:23:33 +0000
@@ -7,6 +7,7 @@
from UserDict import DictMixin
import re
import os
+import cgi
from paste import httpexceptions
__all__ = ['URLMap', 'PathProxyURLMap']
@@ -105,7 +106,7 @@
extra += '\nHTTP_HOST: %r' % environ.get('HTTP_HOST')
app = httpexceptions.HTTPNotFound(
environ['PATH_INFO'],
- comment=extra).wsgi_application
+ comment=cgi.escape(extra)).wsgi_application
return app(environ, start_response)
def normalize_url(self, url, trim=True):
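Review bot: Escaping `extra` only at this call site leaves any other caller that passes request-derived text as `comment=` relying on `comment_quote` alone. It also bakes HTML entities into a value that the text/plain representation renders as well. Consider passing the raw string here and doing the HTML escaping once where the comment is rendered, in the exception's `html()` method. If the call-site escape stays, a comment such as `# extra echoes request values (e.g. HTTP_HOST); escape before it reaches the 404 body` would record why it is there. The enclosing function starts above the hunk.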
=== modified file 'paste/util/mimeparse.py'
--- paste/util/mimeparse.py 2010-04-20 19:52:41 +0000
+++ paste/util/mimeparse.py 2010-09-24 17:23:33 +0000
@@ -121,3 +121,26 @@
for mime_type in supported]
weighted_matches.sort()
return weighted_matches[-1][0][1] and weighted_matches[-1][1] or ''
+
+def desired_matches(desired, header):
+ """Takes a list of desired mime-types in the order the server prefers to
+ send them regardless of the browsers preference.
+
+ Browsers (such as Firefox) technically want XML over HTML depending on how
+ one reads the specification. This function is provided for a server to
+ declare a set of desired mime-types it supports, and returns a subset of
+ the desired list in the same order should each one be Accepted by the
+ browser.
+
+ >>> sorted_match(['text/html', 'application/xml'], \
+ ... 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png')
+ ['text/html', 'application/xml']
+ >>> sorted_match(['text/html', 'application/xml'], 'application/xml,application/json')
+ ['application/xml']
+ """
+ matches = []
+ parsed_ranges = [parse_media_range(r) for r in header.split(",")]
+ for mimetype in desired:
+ if quality_parsed(mimetype, parsed_ranges):
+ matches.append(mimetype)
+ return matches
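Review bot: Both doctest examples call `sorted_match`, which is not the function defined here, so running the module's doctests would fail with a NameError; they should read `>>> desired_matches(['text/html', 'application/xml'], \` and `>>> desired_matches(['text/html', 'application/xml'], 'application/xml,application/json')`. The filter `if quality_parsed(mimetype, parsed_ranges):` appears to rely on a zero quality being falsy, which deserves a comment such as `# q=0 means "not acceptable", so the type is dropped`. An empty Accept header reaches `parse_media_range('')` through `header.split(",")`. Whether that raises cannot be seen from this hunk, so the function should decide explicitly what an empty header returns. The docstring's "browsers preference" should be "browser's preference".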
=== modified file 'paste/util/quoting.py'
--- paste/util/quoting.py 2010-04-20 19:52:41 +0000
+++ paste/util/quoting.py 2010-09-24 17:23:33 +0000
@@ -76,6 +76,13 @@
"""
return s
+_comment_quote_re = re.compile(r'\-\s*\>')
+def comment_quote(s):
+ """
+ Quote that makes sure text can't escape a comment
+ """
+ return _comment_quote_re.sub('->', str(s))
+
url_quote = urllib.quote
url_unquote = urllib.unquote
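Review bot: As rendered here the replacement string is `'->'`, which would turn `-->` back into `-->` and leave the comment terminator intact. Presumably the committed code substitutes an entity (`'-&gt;'`) and the page decoded it, but that should be confirmed against the repository. Matching one spelling of the terminator is also fragile, since HTML parsers accept more than one comment-end form; escaping every `>` in the value, or HTML-escaping it entirely, gives a stricter guarantee. `str(s)` on a Python 2 `unicode` value containing non-ASCII characters raises UnicodeEncodeError, which would turn the error page into a server error. The docstring could be more specific: `Quote text for inclusion inside an HTML comment so it cannot terminate the comment early.`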
=== modified file 'tests/test_urlmap.py'
--- tests/test_urlmap.py 2006-05-26 23:18:53 +0000
+++ tests/test_urlmap.py 2010-09-24 17:23:33 +0000
@@ -40,3 +40,8 @@
res.mustcontain('path_info="/z/y"')
res.mustcontain('f-only')
+def test_404():
+ mapper = URLMap({})
+ app = TestApp(mapper, extra_environ={'HTTP_ACCEPT': 'text/html'})
+ res = app.get("/-->%0D", status=404)
+ assert '-->", status=404)
+ assert '-->