Skip to content

Z
Zope
Commit 4ac681d1 authored by 's avatar
Browse files
Options

Added security assertion to headers member of FileUpload

parent 126db9fe
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 2 deletions
lib/python/ZPublisher/HTTPRequest.py
View file @ 4ac681d1
...@@ -83,7 +83,7 @@ ...@@ -83,7 +83,7 @@
# #
############################################################################## ##############################################################################
__version__='$Revision: 1.46 $'[11:-2] __version__='$Revision: 1.47 $'[11:-2]
import regex, re, sys, os, string, urllib, time, whrandom import regex, re, sys, os, string, urllib, time, whrandom
from string import lower, atoi, rfind, split, strip, join, upper, find from string import lower, atoi, rfind, split, strip, join, upper, find
...@@ -1016,7 +1016,12 @@ class FileUpload: ...@@ -1016,7 +1016,12 @@ class FileUpload:
self.headers=aFieldStorage.headers self.headers=aFieldStorage.headers
self.filename=aFieldStorage.filename self.filename=aFieldStorage.filename
# Add an assertion to the rfc822.Message object that implements
# self.headers so that managed code can access them.
try: self.headers.__allow_access_to_unprotected_subobjects__ = 1
except: pass
parse_cookie_lock=allocate_lock() parse_cookie_lock=allocate_lock()
def parse_cookie(text, def parse_cookie(text,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7