block people from using random python methods as HTTP methods

Bug #176415 reported by Aaron Swartz on 2007-12-14
252
Affects Status Importance Assigned to Milestone
web.py
High
Anand Chitipothu

Bug Description

Maybe filter on ALL-CAPS methods?

Aaron Swartz (aaronsw) on 2007-12-14
Changed in webpy:
assignee: nobody → anandology
importance: Undecided → High
status: New → Confirmed

On Dec 15, 2007 12:43 AM, Aaron Swartz <email address hidden> wrote:
> ** Changed in: webpy
> Importance: Undecided => High
> Assignee: (unassigned) => Anand Chitipothu (anandology)
> Status: New => Confirmed
>
> ** This bug has been flagged as a security issue

Shall we put 0.23 release with this?

Aaron Swartz (aaronsw) wrote :

That's probably a good idea. Are there other fixes waiting in the svn branch?

Anand Chitipothu (anandology) wrote :

On Dec 15, 2007 7:23 AM, Aaron Swartz <email address hidden> wrote:
> That's probably a good idea. Are there other fixes waiting in the svn
> branch?

Yes, importantly web.sendmail.

Changed in webpy:
milestone: none → 0.23
status: Confirmed → Fix Committed
Changed in webpy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers