[CalendarServer-changes] [4371] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.error.patch
source_changes at macosforge.org
Wed Jun 24 06:36:19 PDT 2009
Revision: 4371
http://trac.macosforge.org/projects/calendarserver/changeset/4371
Author: cdaboo at apple.com
Date: 2009-06-24 06:36:18 -0700 (Wed, 24 Jun 2009)
Log Message:
-----------
Fix UTF-7 XSS attacks due to browser charset auto-detection.
Added Paths:
-----------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.error.patch
Added: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.error.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.error.patch (rev 0)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.error.patch 2009-06-24 13:36:18 UTC (rev 4371)
@@ -0,0 +1,13 @@
+Index: twisted/web2/error.py
+===================================================================
+--- twisted/web2/error.py (revision 26969)
++++ twisted/web2/error.py (working copy)
+@@ -92,7 +92,7 @@
+ "<body><h1>%s</h1>%s</body></html>") % (
+ response.code, title, title, message)
+
+- response.headers.setHeader("content-type", http_headers.MimeType('text', 'html'))
++ response.headers.setHeader("content-type", http_headers.MimeType('text', 'html', {'charset':'utf-8'}))
+ response.stream = stream.MemoryStream(body)
+
+ return response
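Review bot: the new content-type line declares charset utf-8, but the next line still passes body to stream.MemoryStream(body) unchanged. If body can be a unicode object at this point (title or message containing non-ASCII text), encode it to UTF-8 explicitly before building the stream so the bytes on the wire match the declared charset. Separately, title and message are interpolated into the HTML with %s in the context lines above, and nothing visible here escapes them. Declaring the charset closes the browser auto-detection route only, so it is worth confirming those two values are HTML-escaped before they reach this function. A one-line comment on the setHeader call saying why the charset is pinned would also help keep it from being dropped in a later cleanup.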