[Python-modules-commits] [python-werkzeug] 01/06: Import python-werkzeug_0.12.2+dfsg1.orig.tar.gz
Ondřej Nový
onovy at moszumanska.debian.org
Sat Jun 3 12:12:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
onovy pushed a commit to branch master
in repository python-werkzeug.
commit b37322db34f064597f733e84bb5f57090957a41a
Author: Ondřej Nový <onovy at debian.org>
Date: Sat Jun 3 14:07:47 2017 +0200
Import python-werkzeug_0.12.2+dfsg1.orig.tar.gz
---
AUTHORS | 1 +
CHANGES | 10 ++++++++++
werkzeug/__init__.py | 2 +-
werkzeug/datastructures.py | 2 +-
werkzeug/security.py | 24 +++++++++++++++---------
werkzeug/serving.py | 5 ++++-
6 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index b746c29..bc0180e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -36,6 +36,7 @@ Project Leader / Developer:
- Lars Holm Nielsen
- Joël Charles
- Benjamin Dopplinger
+- Nils Steinger
Contributors of code for werkzeug/examples are:
diff --git a/CHANGES b/CHANGES
index 4bad588..d83a2af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,16 @@
Werkzeug Changelog
==================
+Version 0.12.2
+--------------
+
+Released on May 16 2017
+
+- Fix regression: Pull request ``#892`` prevented Werkzeug from correctly
+ logging the IP of a remote client behind a reverse proxy, even when using
+ `ProxyFix`.
+- Fix a bug in `safe_join` on Windows.
+
Version 0.12.1
--------------
diff --git a/werkzeug/__init__.py b/werkzeug/__init__.py
index ac216f0..e776ecd 100644
--- a/werkzeug/__init__.py
+++ b/werkzeug/__init__.py
@@ -19,7 +19,7 @@ import sys
from werkzeug._compat import iteritems
-__version__ = '0.12.1'
+__version__ = '0.12.2-dev'
# This import magic raises concerns quite often which is why the implementation
diff --git a/werkzeug/datastructures.py b/werkzeug/datastructures.py
index 1da50e2..ee620e9 100644
--- a/werkzeug/datastructures.py
+++ b/werkzeug/datastructures.py
@@ -13,7 +13,7 @@ import codecs
import mimetypes
from copy import deepcopy
from itertools import repeat
-from collections import Container, Iterable, Mapping, MutableSet
+from collections import Container, Iterable, MutableSet
from werkzeug._internal import _missing, _empty_stream
from werkzeug._compat import iterkeys, itervalues, iteritems, iterlists, \
diff --git a/werkzeug/security.py b/werkzeug/security.py
index f523877..902226e 100644
--- a/werkzeug/security.py
+++ b/werkzeug/security.py
@@ -248,17 +248,23 @@ def check_password_hash(pwhash, password):
return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)
-def safe_join(directory, filename):
- """Safely join `directory` and `filename`. If this cannot be done,
- this function returns ``None``.
+def safe_join(directory, *pathnames):
+ """Safely join `directory` and one or more untrusted `pathnames`. If this
+ cannot be done, this function returns ``None``.
:param directory: the base directory.
:param filename: the untrusted filename relative to that directory.
"""
- filename = posixpath.normpath(filename)
- for sep in _os_alt_seps:
- if sep in filename:
+ parts = [directory]
+ for filename in pathnames:
+ if filename != '':
+ filename = posixpath.normpath(filename)
+ for sep in _os_alt_seps:
+ if sep in filename:
+ return None
+ if os.path.isabs(filename) or \
+ filename == '..' or \
+ filename.startswith('../'):
return None
- if os.path.isabs(filename) or filename.startswith('../'):
- return None
- return os.path.join(directory, filename)
+ parts.append(filename)
+ return posixpath.join(*parts)
diff --git a/werkzeug/serving.py b/werkzeug/serving.py
index 4ddb74b..6a95465 100644
--- a/werkzeug/serving.py
+++ b/werkzeug/serving.py
@@ -279,7 +279,10 @@ class WSGIRequestHandler(BaseHTTPRequestHandler, object):
return BaseHTTPRequestHandler.version_string(self).strip()
def address_string(self):
- return self.client_address[0]
+ if getattr(self, 'environ', None):
+ return self.environ['REMOTE_ADDR']
+ else:
+ return self.client_address[0]
def port_integer(self):
return self.client_address[1]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-werkzeug.git
More information about the Python-modules-commits
mailing list