[zope2-tracker] [Bug 509926] [NEW] response.appendHeader leaves carriage return cruft behind

Tres Seaver tseaver at palladion.com
Wed Jan 20 11:31:03 EST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Launchpad Bug Tracker wrote:
> You have been subscribed to a public bug:
> 
> In ZPublixher.HTTPResponse.appendHeader, we seem to be inserting some
> carriage return cruft in the header value which doesn't get cleaned up
> after.
> 
> Possible patch...
> 
> --- HTTPResponse.py
> +++ (clipboard)
> @@ -592,14 +592,16 @@
>          set for the header. '''
>          name, value = _scrubHeader(name, value)
>          name = name.lower()
> +        scrubbed = True
>  
>          headers = self.headers
>          if headers.has_key(name):
>              h = headers[name]
> -            h = "%s%s\r\n\t%s" % (h,delimiter,value)
> +            h = "%s%s%s" % (h,delimiter,value)
> +            scrubbed = False
>          else:
>              h = value
> -        self.setHeader(name,h, scrubbed=True)
> +        self.setHeader(name,h, scrubbed=scrubbed)
>  
>      def isHTML(self, s):
>          s = s.lstrip()
> 
> ** Affects: zope2
>      Importance: Undecided
>          Status: New

You don't specify why you think Zope's current behavior is broken. RFC
2616 specifies[1]:

  Header fields can be extended over multiple lines by preceding each
  extra line with at least one SP or HT.

Your patch also introduces a bug (any previous value for the header is
jammed directly against the new value), and you don't seem to get what
the 'scrubbed' argument is for (previous and new values are already
scrubbbed, so you don't need to scrub again).


[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktXL8IACgkQ+gerLs4ltQ4NHQCeJOmBHLel67LFHjCHmbCW57Sz
wWkAoJeNUjmf9YBjkTQ+rZXkXyvyscSh
=DQt+
-----END PGP SIGNATURE-----

-- 
response.appendHeader leaves carriage return cruft behind
https://bugs.launchpad.net/bugs/509926
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.

More information about the zope2-tracker mailing list