block people from using random python methods as HTTP methods

Bug #176415 reported by Aaron Swartz
252
Affects Status Importance Assigned to Milestone
web.py
Fix Released
High
Anand Chitipothu

Bug Description

Maybe filter on ALL-CAPS methods?

Aaron Swartz (aaronsw)
Changed in webpy:
assignee: nobody → anandology
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Anand Chitipothu (anandology) wrote : Re: [Bug 176415] Re: block people from using random python methods as HTTP methods

On Dec 15, 2007 12:43 AM, Aaron Swartz <email address hidden> wrote:
> ** Changed in: webpy
> Importance: Undecided => High
> Assignee: (unassigned) => Anand Chitipothu (anandology)
> Status: New => Confirmed
>
> ** This bug has been flagged as a security issue

Shall we put 0.23 release with this?

Revision history for this message
Aaron Swartz (aaronsw) wrote :

That's probably a good idea. Are there other fixes waiting in the svn branch?

Revision history for this message
Anand Chitipothu (anandology) wrote :

On Dec 15, 2007 7:23 AM, Aaron Swartz <email address hidden> wrote:
> That's probably a good idea. Are there other fixes waiting in the svn
> branch?

Yes, importantly web.sendmail.

Changed in webpy:
milestone: none → 0.23
status: Confirmed → Fix Committed
Changed in webpy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.