[Checkins] SVN: bobo/trunk/bobo sanitize input on the 404 page

Mon Mar 12 17:09:10 UTC 2012

Log message for revision 124577:
  sanitize input on the 404 page

Changed:
  U   bobo/trunk/bobo/README.txt
  U   bobo/trunk/bobo/setup.py
  U   bobo/trunk/bobo/src/bobo.py
  U   bobo/trunk/bobodoctestumentation/src/bobodoctestumentation/boboserver.test

-=-
Modified: bobo/trunk/bobo/README.txt
===================================================================

--- bobo/trunk/bobo/README.txt	2012-03-12 13:20:06 UTC (rev 124576)
+++ bobo/trunk/bobo/README.txt	2012-03-12 17:09:05 UTC (rev 124577)
@@ -22,6 +22,14 @@
 Change History
 ==============
 
+0.2.3 2012-03-12
+----------------
+
+Bugs fixed:
+
+- Sanitize the request path included in the message on the default
+  404 page.
+
 0.2.2 2010-01-19
 ----------------
 

Modified: bobo/trunk/bobo/setup.py
===================================================================
--- bobo/trunk/bobo/setup.py	2012-03-12 13:20:06 UTC (rev 124576)
+++ bobo/trunk/bobo/setup.py	2012-03-12 17:09:05 UTC (rev 124577)
@@ -12,7 +12,7 @@
 #
 ##############################################################################
 name = 'bobo'
-version = '0.0.0'
+version = '0.2.3'
 
 entry_points = """
 [console_scripts]

Modified: bobo/trunk/bobo/src/bobo.py
===================================================================
--- bobo/trunk/bobo/src/bobo.py	2012-03-12 13:20:06 UTC (rev 124576)
+++ bobo/trunk/bobo/src/bobo.py	2012-03-12 17:09:05 UTC (rev 124577)
@@ -36,6 +36,7 @@
 
 import re
 import sys
+import urllib
 import webob
 
 bbbbad_errors = KeyboardInterrupt, SystemExit, MemoryError
@@ -265,7 +266,8 @@
 
     def not_found(self, request, method):
         return _err_response(
-            404, method, "Not Found", "Could not find: "+request.path_info)
+            404, method, "Not Found",
+            "Could not find: "+ urllib.quote(request.path_info))
 
     def missing_form_variable(self, request, method, name):
         return _err_response(

Modified: bobo/trunk/bobodoctestumentation/src/bobodoctestumentation/boboserver.test
===================================================================
--- bobo/trunk/bobodoctestumentation/src/bobodoctestumentation/boboserver.test	2012-03-12 13:20:06 UTC (rev 124576)
+++ bobo/trunk/bobodoctestumentation/src/bobodoctestumentation/boboserver.test	2012-03-12 17:09:05 UTC (rev 124577)
@@ -242,6 +242,15 @@
     <body>Could not find: /resources/../../</body>
     </html>
 
+The path included in the body is sanitized.
+
+    >>> print app.get('/<b>hi</b>', status=404).body
+    <html>
+    <head><title>Not Found</title></head>
+    <body>Could not find: /%3Cb%3Ehi%3C/b%3E</body>
+    </html>
+    <BLANKLINE>
+
 Cleanup:
 
     >>> restore_server()

