[Python-modules-commits] [python-werkzeug] 01/07: Import python-werkzeug_0.11.11+dfsg1.orig.tar.gz
Ondřej Nový
onovy at moszumanska.debian.org
Mon Nov 7 22:18:26 UTC 2016
This is an automated email from the git hooks/post-receive script.
onovy pushed a commit to branch master
in repository python-werkzeug.
commit e2b21c202c14d81967c2ccb8b4ce5e63d61406b8
Author: Ondřej Nový <onovy at debian.org>
Date: Thu Sep 8 20:03:46 2016 +0200
Import python-werkzeug_0.11.11+dfsg1.orig.tar.gz
---
.travis.yml | 6 +++---
AUTHORS | 2 ++
CHANGES | 16 +++++++++++++++-
tests/contrib/test_wrappers.py | 10 ++++++++++
tests/test_datastructures.py | 9 +++++++++
tests/test_http.py | 9 +++++++++
tests/test_test.py | 1 +
tests/test_wrappers.py | 20 ++++++++++++++------
werkzeug/__init__.py | 2 +-
werkzeug/contrib/wrappers.py | 2 +-
werkzeug/datastructures.py | 6 +++++-
werkzeug/debug/tbtools.py | 2 +-
werkzeug/http.py | 3 +--
werkzeug/test.py | 4 ++--
14 files changed, 74 insertions(+), 18 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 06fe761..2db571f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,15 +17,15 @@ install:
PYENV_ROOT="$HOME/.pyenv";
PATH="$PYENV_ROOT/bin:$PATH";
eval "$(pyenv init -)";
- pyenv install pypy-2.6.1;
- pyenv global pypy-2.6.1;
+ pyenv install pypy-4.0.1;
+ pyenv global pypy-4.0.1;
fi
- python --version
- pip install tox flake8
script:
- tox -e py
- - make stylecheck
+ - '[ "$TRAVIS_PYTHON_VERSION" = "2.6" ] || make stylecheck'
branches:
except:
diff --git a/AUTHORS b/AUTHORS
index 82002ea..7ff225d 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -28,6 +28,8 @@ Project Leader / Developer:
- Daniel Neuhäuser
- Markus Unterwaditzer
- Joe Esposito <joe at joeyespo.com>
+- Cédric Krier
+- Lars Holm Nielsen
Contributors of code for werkzeug/examples are:
diff --git a/CHANGES b/CHANGES
index d22dcb0..04bd63c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,20 @@
Werkzeug Changelog
==================
+Version 0.11.11
+---------------
+
+Released on August 31st 2016.
+
+- Fix JSONRequestMixin for Python3. See #731
+- Fix broken string handling in test client when passing integers. See #852
+- Fix a bug in ``parse_options_header`` where an invalid content type
+ starting with comma or semi-colon would result in an invalid return value,
+ see issue ``#995``.
+- Fix a bug in multidicts when passing empty lists as values, see issue
+ ``#979``.
+- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``.
+
Version 0.11.10
---------------
@@ -277,7 +291,7 @@ Version 0.9.7
object (pull request ``#583``).
- The ``qop`` parameter for ``WWW-Authenticate`` headers is now always quoted,
as required by RFC 2617 (issue ``#633``).
-- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where add/set
+- Fix bug in ``werkzeug.contrib.cache.SimpleCache`` with Python 3 where add/set
may throw an exception when pruning old entries from the cache (pull request
``#651``).
diff --git a/tests/contrib/test_wrappers.py b/tests/contrib/test_wrappers.py
index a16083f..6248243 100644
--- a/tests/contrib/test_wrappers.py
+++ b/tests/contrib/test_wrappers.py
@@ -16,6 +16,16 @@ from werkzeug import routing
from werkzeug.wrappers import Request, Response
+def test_json_request_mixin():
+ class MyRequest(wrappers.JSONRequestMixin, Request):
+ pass
+ req = MyRequest.from_values(
+ data=u'{"foä": "bar"}'.encode('utf-8'),
+ content_type='text/json'
+ )
+ assert req.json == {u'foä': 'bar'}
+
+
def test_reverse_slash_behavior():
class MyRequest(wrappers.ReverseSlashBehaviorRequestMixin, Request):
pass
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index 4335d55..3c08e30 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -377,6 +377,15 @@ class TestMultiDict(_MutableMultiDictTests):
assert list(zip(iterkeys(md), iterlistvalues(md))) == \
list(iterlists(md))
+ def test_getitem_raise_badrequestkeyerror_for_empty_list_value(self):
+ mapping = [('a', 'b'), ('a', 'c')]
+ md = self.storage_class(mapping)
+
+ md.setlistdefault('empty', [])
+
+ with pytest.raises(KeyError):
+ md['empty']
+
class TestOrderedMultiDict(_MutableMultiDictTests):
storage_class = datastructures.OrderedMultiDict
diff --git a/tests/test_http.py b/tests/test_http.py
index dead6c7..59e4007 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -266,6 +266,15 @@ class TestHTTPUtility(object):
'text/x-dvi; q=0.8, text/x-c') == \
('text/plain', {'q': '0.5'})
+ def test_parse_options_header_broken_values(self):
+ # Issue #995
+ assert http.parse_options_header(' ') == ('', {})
+ assert http.parse_options_header(' , ') == ('', {})
+ assert http.parse_options_header(' ; ') == ('', {})
+ assert http.parse_options_header(' ,; ') == ('', {})
+ assert http.parse_options_header(' , a ') == ('', {})
+ assert http.parse_options_header(' ; a ') == ('', {})
+
def test_dump_options_header(self):
assert http.dump_options_header('foo', {'bar': 42}) == \
'foo; bar=42'
diff --git a/tests/test_test.py b/tests/test_test.py
index 3214937..1624644 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -143,6 +143,7 @@ def test_environ_builder_basics():
assert b.content_type == 'application/x-www-form-urlencoded'
b.files.add_file('test', BytesIO(b'test contents'), 'test.txt')
assert b.files['test'].content_type == 'text/plain'
+ b.form['test_int'] = 1
assert b.content_type == 'multipart/form-data'
req = b.get_request()
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 4c11c73..e4c77de 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -639,17 +639,25 @@ def test_shallow_mode():
def test_form_parsing_failed():
- data = (
- b'--blah\r\n'
- )
- data = wrappers.Request.from_values(
+ data = b'--blah\r\n'
+ request = wrappers.Request.from_values(
input_stream=BytesIO(data),
content_length=len(data),
content_type='multipart/form-data; boundary=foo',
method='POST'
)
- assert not data.files
- assert not data.form
+ assert not request.files
+ assert not request.form
+
+ # Bad Content-Type
+ data = b'test'
+ request = wrappers.Request.from_values(
+ input_stream=BytesIO(data),
+ content_length=len(data),
+ content_type=', ',
+ method='POST'
+ )
+ assert not request.form
def test_file_closing():
diff --git a/werkzeug/__init__.py b/werkzeug/__init__.py
index 4c6f429..729d91e 100644
--- a/werkzeug/__init__.py
+++ b/werkzeug/__init__.py
@@ -20,7 +20,7 @@ import sys
from werkzeug._compat import iteritems
# the version. Usually set automatically by a script.
-__version__ = '0.11.10'
+__version__ = '0.11.11-dev'
# This import magic raises concerns quite often which is why the implementation
diff --git a/werkzeug/contrib/wrappers.py b/werkzeug/contrib/wrappers.py
index b0816c1..75781c2 100644
--- a/werkzeug/contrib/wrappers.py
+++ b/werkzeug/contrib/wrappers.py
@@ -56,7 +56,7 @@ class JSONRequestMixin(object):
if 'json' not in self.environ.get('CONTENT_TYPE', ''):
raise BadRequest('Not a JSON request')
try:
- return loads(self.data)
+ return loads(self.data.decode(self.charset, self.encoding_errors))
except Exception:
raise BadRequest('Unable to read JSON request')
diff --git a/werkzeug/datastructures.py b/werkzeug/datastructures.py
index 4f9f451..171ec64 100644
--- a/werkzeug/datastructures.py
+++ b/werkzeug/datastructures.py
@@ -372,6 +372,8 @@ class MultiDict(TypeConversionDict):
tmp = {}
for key, value in iteritems(mapping):
if isinstance(value, (tuple, list)):
+ if len(value) == 0:
+ continue
value = list(value)
else:
value = [value]
@@ -398,7 +400,9 @@ class MultiDict(TypeConversionDict):
:raise KeyError: if the key does not exist.
"""
if key in self:
- return dict.__getitem__(self, key)[0]
+ lst = dict.__getitem__(self, key)
+ if len(lst) > 0:
+ return lst[0]
raise exceptions.BadRequestKeyError(key)
def __setitem__(self, key, value):
diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
index 42f9d92..2ee4718 100644
--- a/werkzeug/debug/tbtools.py
+++ b/werkzeug/debug/tbtools.py
@@ -358,7 +358,7 @@ class Traceback(object):
'exception': exc,
'exception_type': escape(self.exception_type),
'summary': self.render_summary(include_title=False),
- 'plaintext': self.plaintext,
+ 'plaintext': escape(self.plaintext),
'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
'traceback_id': self.id,
'secret': secret
diff --git a/werkzeug/http.py b/werkzeug/http.py
index 51f9159..13a7eb5 100644
--- a/werkzeug/http.py
+++ b/werkzeug/http.py
@@ -336,7 +336,6 @@ def parse_options_header(value, multiple=False):
:return: (mimetype, options) or (mimetype, options, mimetype, options, …)
if multiple=True
"""
-
if not value:
return '', {}
@@ -368,7 +367,7 @@ def parse_options_header(value, multiple=False):
return tuple(result)
value = rest
- return tuple(result)
+ return tuple(result) if result else ('', {})
def parse_accept_header(value, cls=None):
diff --git a/werkzeug/test.py b/werkzeug/test.py
index dfb329e..84f1cd9 100644
--- a/werkzeug/test.py
+++ b/werkzeug/test.py
@@ -99,8 +99,8 @@ def stream_encode_multipart(values, use_tempfile=True, threshold=1024 * 500,
else:
if not isinstance(value, string_types):
value = str(value)
- else:
- value = to_bytes(value, charset)
+
+ value = to_bytes(value, charset)
write('\r\n\r\n')
write_binary(value)
write('\r\n')
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-werkzeug.git
More information about the Python-modules-commits
mailing list