allura-commits mailing list archives

From brond...@apache.org
Subject [allura] branch master updated: [#8277] Catch url/unicode problems in early middleware and raise 400
Date Fri, 12 Apr 2019 15:05:11 GMT
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git


The following commit(s) were added to refs/heads/master by this push:
     new 840b549  [#8277] Catch url/unicode problems in early middleware and raise 400
840b549 is described below

commit 840b549a34ab428a9e91572d46a70bc338426a46
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
AuthorDate: Thu Apr 11 19:53:34 2019 +0000

    [#8277] Catch url/unicode problems in early middleware and raise 400
---
 Allura/allura/lib/custom_middleware.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index bd27868..4c7c530 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -240,7 +240,7 @@ class SSLMiddleware(object):
             request_uri = req.url
             request_uri.decode('ascii')
         except UnicodeError:
-            resp = exc.HTTPNotFound()
+            resp = exc.HTTPBadRequest()
 
         secure = req.url.startswith('https://')
         srv_path = req.url.split('://', 1)[-1]
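Review bot: The change from `exc.HTTPNotFound()` to `exc.HTTPBadRequest()` in the `except UnicodeError:` branch of SSLMiddleware comes with no test; the diffstat lists only custom_middleware.py. A functional test that requests a URL containing non-ASCII bytes and asserts a 400 would keep the status from silently reverting. Since the method carries on to `secure = req.url.startswith('https://')` after the `except`, it is also worth confirming that nothing later in the method replaces `resp` before it is returned.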
@@ -275,7 +275,14 @@ class SetRequestHostFromConfig(object):
         # since the app may accept both http and https inbound requests, and many places
in code need to check that
         # potentially could set wsgi.url_scheme based on 'HTTP_X_FORWARDED_SSL' == 'on' and/or
         #   'HTTP_X_FORWARDED_PROTO' == 'https'
-        resp = self.app
+        req = Request(environ)
+        try:
+            req.params  # check for malformed unicode, this is the first middleware that
might trip over it.
+            resp = self.app
+        except UnicodeError:
+            resp = exc.HTTPBadRequest()
+
+
         return resp(environ, start_response)
 
 
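Review bot: The bare `req.params` statement in SetRequestHostFromConfig relies on a side effect of attribute access, and if `Request` here is WebOb's, `params` combines the query string with the parsed form body, so this middleware now decodes POST data on every request before the app sees it. If that is intended, the comment should say so; if only the query string needs checking, `req.GET` would be narrower. The two blank lines added before `return resp(environ, start_response)` can be cut to one, and because this check and the `request_uri.decode('ascii')` check in SSLMiddleware now both map UnicodeError to a 400, a shared helper would keep the two consistent.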

