Commit cc064f25 authored by Laurence Rowe's avatar Laurence Rowe

ZPublisher: HTTPResponse.appendHeader now keeps header values to a single

line by default to avoid causing problems for proxy servers which do not
correctly handle multi-line headers.
parent a2971d8a
...@@ -15,6 +15,10 @@ Bugs Fixed ...@@ -15,6 +15,10 @@ Bugs Fixed
Features Added Features Added
++++++++++++++ ++++++++++++++
- ZPublisher: HTTPResponse.appendHeader now keeps header values to a single
line by default to avoid causing problems for proxy servers which do not
correctly handle multi-line headers.
- Updated distributions: - Updated distributions:
- Products.ZCatalog = 2.13.9 - Products.ZCatalog = 2.13.9
......
...@@ -338,7 +338,7 @@ class HTTPResponse(BaseResponse): ...@@ -338,7 +338,7 @@ class HTTPResponse(BaseResponse):
name = literal and name or key name = literal and name or key
self.headers[name] = value self.headers[name] = value
def appendHeader(self, name, value, delimiter=","): def appendHeader(self, name, value, delimiter=", "):
""" Append a value to an HTTP return header. """ Append a value to an HTTP return header.
Set an HTTP return header "name" with value "value", Set an HTTP return header "name" with value "value",
...@@ -353,7 +353,7 @@ class HTTPResponse(BaseResponse): ...@@ -353,7 +353,7 @@ class HTTPResponse(BaseResponse):
headers = self.headers headers = self.headers
if headers.has_key(name): if headers.has_key(name):
h = headers[name] h = headers[name]
h = "%s%s\r\n\t%s" % (h, delimiter, value) h = "%s%s%s" % (h, delimiter, value)
else: else:
h = value h = value
self.setHeader(name,h, scrubbed=True) self.setHeader(name,h, scrubbed=True)
......
...@@ -445,13 +445,13 @@ class HTTPResponseTests(unittest.TestCase): ...@@ -445,13 +445,13 @@ class HTTPResponseTests(unittest.TestCase):
response = self._makeOne() response = self._makeOne()
response.setHeader('foo', 'bar') response.setHeader('foo', 'bar')
response.appendHeader('foo', 'foo') response.appendHeader('foo', 'foo')
self.assertEqual(response.headers.get('foo'), 'bar,\r\n\tfoo') self.assertEqual(response.headers.get('foo'), 'bar, foo')
def test_appendHeader_w_existing_case_insenstative(self): def test_appendHeader_w_existing_case_insenstative(self):
response = self._makeOne() response = self._makeOne()
response.setHeader('xxx', 'bar') response.setHeader('xxx', 'bar')
response.appendHeader('XXX', 'foo') response.appendHeader('XXX', 'foo')
self.assertEqual(response.headers.get('xxx'), 'bar,\r\n\tfoo') self.assertEqual(response.headers.get('xxx'), 'bar, foo')
def test_appendHeader_drops_CRLF(self): def test_appendHeader_drops_CRLF(self):
# RFC2616 disallows CRLF in a header value. # RFC2616 disallows CRLF in a header value.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment