mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-04 22:20:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

gh-100001: Omit control characters in http.server stderr logs. (GH-100002)

Browse source 
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
This commit is contained in:
Miss Islington (bot) 2022-12-05 13:39:22 -08:00 committed by GitHub
parent f3a58cece6
commit a726f747e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 43 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Doc/library/http.server.rst
View file

@ -512,3 +512,10 @@ Security Considerations
:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
requests, this makes it possible for files outside of the specified directory
to be served.
Earlier versions of Python did not scrub control characters from the
log messages emitted to stderr from ``python -m http.server`` or the
default :class:`BaseHTTPRequestHandler` ``.log_message``
implementation. This could allow to remote clients connecting to your
server to send nefarious control codes to your terminal.