- Don't allow Unicode strings to be passed to response.write() (merged from 2.6 / 2.7 audit).

2a8a5e38 · Tres Seaver · d0ebdc24 · 2a8a5e38 · 2a8a5e38 · 2a8a5e38
Commit 2a8a5e38 authored Jan 15, 2004 by Tres Seaver
4 changed files
--- a/lib/python/ZServer/FCGIServer.py
+++ b/lib/python/ZServer/FCGIServer.py
@@ -669,6 +669,10 @@ class FCGIResponse(HTTPResponse):
        self.channel = channel
    def write(self, data):
+        if type(data) != type(''):
+            raise TypeError('Value must be a string')
        stdout=self.stdout
        if not self._wrote:

--- a/lib/python/ZServer/HTTPResponse.py
+++ b/lib/python/ZServer/HTTPResponse.py
@@ -151,6 +151,10 @@ class ZServerHTTPResponse(HTTPResponse):
        after beginning stream-oriented output.
        """
+        if type(data) != type(''):
+            raise TypeError('Value must be a string')
        stdout=self.stdout
        if not self._wrote:

--- a/lib/python/ZServer/PCGIServer.py
+++ b/lib/python/ZServer/PCGIServer.py
@@ -341,6 +341,9 @@ class PCGIServer(asyncore.dispatcher):
 class PCGIResponse(HTTPResponse):
    def write(self, data):
+        if type(data) != type(''):
+            raise TypeError('Value must be a string')
        if not self._wrote:
            self.stdout.write(str(self))
            self._wrote=1

--- a/lib/python/ZServer/tests/test_responses.py
+++ b/lib/python/ZServer/tests/test_responses.py
+##############################################################################
+#
+# Copyright (c) 2003 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test general ZServer machinery."""
+from ZServer.HTTPResponse import ZServerHTTPResponse
+from ZServer.FTPResponse import FTPResponse
+from ZServer.PCGIServer import PCGIResponse
+from ZServer.FCGIServer import FCGIResponse
+import unittest
+class ZServerResponseTestCase(unittest.TestCase):
+    """Test ZServer response objects."""
+    def test_http_response_write_unicode(self):
+        response = ZServerHTTPResponse()
+        self.assertRaises(TypeError, response.write, u'bad')
+    def test_ftp_response_write_unicode(self):
+        response = FTPResponse()
+        self.assertRaises(TypeError, response.write, u'bad')
+    def test_pcgi_response_write_unicode(self):
+        response = PCGIResponse()
+        self.assertRaises(TypeError, response.write, u'bad')
+    def test_fcgi_response_write_unicode(self):
+        response = FCGIResponse()
+        self.assertRaises(TypeError, response.write, u'bad')
+def test_suite():
+    return unittest.makeSuite(ZServerResponseTestCase)
+if __name__ == "__main__":
+    unittest.main(defaultTest="test_suite")