diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-12-05 21:16:14 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-05 21:16:14 (GMT) |
| commit | ec8c06bc28b29b62d31b953e54f1d8d8535faa80 (patch) | |
| tree | 96eb04b0a2930f4431d2bdeb60c94c81ccc17bc8 /Misc/NEWS.d | |
| parent | e5075986a7bbc4b1f6b1b3fc85f18501d3b48ec4 (diff) | |
| download | cpython-ec8c06bc28b29b62d31b953e54f1d8d8535faa80.zip cpython-ec8c06bc28b29b62d31b953e54f1d8d8535faa80.tar.gz cpython-ec8c06bc28b29b62d31b953e54f1d8d8535faa80.tar.bz2 | |
gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Diffstat (limited to 'Misc/NEWS.d')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst new file mode 100644 index 0000000..a396e95 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst @@ -0,0 +1,6 @@ +``python -m http.server`` no longer allows terminal control characters sent +within a garbage request to be printed to the stderr server log. + +This is done by changing the :mod:`http.server` :class:`BaseHTTPRequestHandler` +``.log_message`` method to replace control characters with a ``\xHH`` hex escape +before printing. |