Patchwork D2731: hgweb: validate WSGI environment dict

login
register
mail settings
Submitter phabricator
Date March 9, 2018, 7:29 p.m.
Message ID <748195b5c7321f0ba9b2f60d7502daf5@localhost.localdomain>
Download mbox | patch
Permalink /patch/29185/
State Not Applicable
Headers show

Comments

phabricator - March 9, 2018, 7:29 p.m.
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG8e1556ac01bb: hgweb: validate WSGI environment dict (authored by indygreg, committed by ).

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D2731?vs=6737&id=6775

REVISION DETAIL
  https://phab.mercurial-scm.org/D2731

AFFECTED FILES
  mercurial/hgweb/server.py

CHANGE DETAILS




To: indygreg, #hg-reviewers, durin42
Cc: mercurial-devel

Patch

diff --git a/mercurial/hgweb/server.py b/mercurial/hgweb/server.py
--- a/mercurial/hgweb/server.py
+++ b/mercurial/hgweb/server.py
@@ -13,6 +13,7 @@ 
 import socket
 import sys
 import traceback
+import wsgiref.validate
 
 from ..i18n import _
 
@@ -128,8 +129,7 @@ 
         env[r'PATH_INFO'] = pycompat.sysstr(path[len(self.server.prefix):])
         env[r'REMOTE_HOST'] = self.client_address[0]
         env[r'REMOTE_ADDR'] = self.client_address[0]
-        if query:
-            env[r'QUERY_STRING'] = query
+        env[r'QUERY_STRING'] = query or r''
 
         if pycompat.ispy3:
             if self.headers.get_content_type() is None:
@@ -166,6 +166,8 @@ 
                                               socketserver.ForkingMixIn)
         env[r'wsgi.run_once'] = 0
 
+        wsgiref.validate.check_environ(env)
+
         self.saved_status = None
         self.saved_headers = []
         self.length = None