On 06/05/2014 01:07 PM, Michael Merickel wrote:
On Thu, Jun 5, 2014 at 11:40 AM, Chris McDonough <chr...@plope.com <mailto:chr...@plope.com>> wrote: On 06/05/2014 11:49 AM, Bert JW Regeer wrote: https://github.com/Pylons/__webob/pull/150 <https://github.com/Pylons/webob/pull/150> Is an outstanding pull request to fix this in from_file() in WebOb, would this solve the problem? Probably not. More like here: https://github.com/Pylons/__pyramid/blob/master/pyramid/__response.py#L55 <https://github.com/Pylons/pyramid/blob/master/pyramid/response.py#L55> It may not be bad to just sanitize all headers in start_response or in _abs_headerlist: https://github.com/Pylons/webob/blob/master/webob/response.py#L1027
I've applied a patch to Pyramid that works around the problem at https://github.com/Pylons/pyramid/issues/1360 . We might still apply a separate patch to webob to prevent us from needing to think about the problem again.
- C
-- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-devel+unsubscr...@googlegroups.com <mailto:pylons-devel+unsubscr...@googlegroups.com>. To post to this group, send email to pylons-devel@googlegroups.com <mailto:pylons-devel@googlegroups.com>. Visit this group at http://groups.google.com/group/pylons-devel. For more options, visit https://groups.google.com/d/optout.
-- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-devel+unsubscr...@googlegroups.com. To post to this group, send email to pylons-devel@googlegroups.com. Visit this group at http://groups.google.com/group/pylons-devel. For more options, visit https://groups.google.com/d/optout.
