diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-12-06 10:22:12 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-06 10:22:12 (GMT) |
| commit | 3b81c13ac3e0acfdbfb0d916a4ea627c9a546049 (patch) | |
| tree | 369596c79082c9e4fa7b2e5c2ea7a97e3880a181 /Misc | |
| parent | 7b98207aa46bd637d07a7c4a84e998726b74acde (diff) | |
| download | cpython-3b81c13ac3e0acfdbfb0d916a4ea627c9a546049.zip cpython-3b81c13ac3e0acfdbfb0d916a4ea627c9a546049.tar.gz cpython-3b81c13ac3e0acfdbfb0d916a4ea627c9a546049.tar.bz2 | |
[3.9] gh-100001: Omit control characters in http.server stderr logs. (GH-100002) (#100032)
* gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* also escape \s (backport of PR #100038).
* add versionadded and remove extra 'to'
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst new file mode 100644 index 0000000..a396e95 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst @@ -0,0 +1,6 @@ +``python -m http.server`` no longer allows terminal control characters sent +within a garbage request to be printed to the stderr server log. + +This is done by changing the :mod:`http.server` :class:`BaseHTTPRequestHandler` +``.log_message`` method to replace control characters with a ``\xHH`` hex escape +before printing. |