
Author barry
Recipients Arfrever, barry, jwilk, loewis, pl, r.david.murray, terry.reedy, vvl, ysj.ray
Date 2011-01-10.21:01:23
Message-id <1294693295.87.0.945714514547.issue5871@psf.upfronthosting.co.za>
In-reply-to
Content
I'm inclined not to support backporting to Python 2.6. It seems like a fairly rare and narrow hole for a security problem, because it would require a program to add the bogus header explicitly, as opposed to getting it after parsing some data. To me, that smacks of a SQL-injection or XSS type bug, where it's really the application that's the problem.
Or in other words, assuming you don't have a program that is deliberately adding such headers (and then it should be considered a feature, i.e. they know what they're doing), then you'd have to trick a header-adding program to add some unvalidated text.
I dunno, it doesn't seem like a serious enough threat to backport.
History
Date | User | Action | Args
2011-01-10 21:01:36 | barry | set | recipients: + barry, loewis, terry.reedy, jwilk, pl, Arfrever, r.david.murray, ysj.ray, vvl
2011-01-10 21:01:35 | barry | set | messageid: <1294693295.87.0.945714514547.issue5871@psf.upfronthosting.co.za>
2011-01-10 21:01:23 | barry | link | issue5871 messages
2011-01-10 21:01:23 | barry | create |
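
The message above places the responsibility on the header-adding program to validate text before it becomes a header. One way an application can do that, as an added example that is not part of the original message or of the email package: `add_header_checked`, `build_notification` and `header_names` are hypothetical names, the addresses are constructed, and it assumes the bogus header text arrives as a line break embedded in a value.

```python
import re
from email.message import Message

# RFC 5322 field names: printable ASCII except the colon (no spaces, no controls).
_FIELD_NAME = re.compile(r"[\x21-\x39\x3b-\x7e]+")


def add_header_checked(msg, name, value):
    """Set a header only if neither name nor value can begin a new header line.

    Stricter than the RFC: folded (multi-line) values are rejected too, since
    untrusted input has no reason to carry its own folding.
    """
    if not _FIELD_NAME.fullmatch(name):
        raise ValueError("invalid header name: %r" % (name,))
    if "\r" in value or "\n" in value:
        raise ValueError("line break in value for header %s" % name)
    msg[name] = value


def build_notification(subject_from_user):
    """Build a message whose Subject comes from unvalidated input."""
    msg = Message()
    add_header_checked(msg, "From", "noreply@example.org")  # constructed address
    add_header_checked(msg, "To", "ops@example.org")        # constructed address
    add_header_checked(msg, "Subject", subject_from_user)
    msg.set_payload("A form was submitted.\n")
    return msg


def header_names(msg):
    """Return the header names in the order they were added."""
    return [name for name, _ in msg.items()]


if __name__ == "__main__":
    print(build_notification("Disk usage report").as_string())
    try:
        build_notification("report\nX-Extra: 1")  # constructed bad input
    except ValueError as exc:
        print("rejected:", exc)
```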
