[Python-modules-commits] [python-werkzeug] 01/06: Import python-werkzeug_0.12.2+dfsg1.orig.tar.gz

Ondřej Nový onovy at moszumanska.debian.org
Sat Jun 3 12:12:31 UTC 2017


This is an automated email from the git hooks/post-receive script.

onovy pushed a commit to branch master
in repository python-werkzeug.

commit b37322db34f064597f733e84bb5f57090957a41a
Author: Ondřej Nový <onovy at debian.org>
Date:   Sat Jun 3 14:07:47 2017 +0200

    Import python-werkzeug_0.12.2+dfsg1.orig.tar.gz
---
 AUTHORS                    |  1 +
 CHANGES                    | 10 ++++++++++
 werkzeug/__init__.py       |  2 +-
 werkzeug/datastructures.py |  2 +-
 werkzeug/security.py       | 24 +++++++++++++++---------
 werkzeug/serving.py        |  5 ++++-
 6 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index b746c29..bc0180e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -36,6 +36,7 @@ Project Leader / Developer:
 - Lars Holm Nielsen
 - Joël Charles
 - Benjamin Dopplinger
+- Nils Steinger
 
 Contributors of code for werkzeug/examples are:
 
diff --git a/CHANGES b/CHANGES
index 4bad588..d83a2af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,16 @@
 Werkzeug Changelog
 ==================
 
+Version 0.12.2
+--------------
+
+Released on May 16 2017
+
+- Fix regression: Pull request ``#892`` prevented Werkzeug from correctly
+  logging the IP of a remote client behind a reverse proxy, even when using
+  `ProxyFix`.
+- Fix a bug in `safe_join` on Windows.
+
 Version 0.12.1
 --------------
 
diff --git a/werkzeug/__init__.py b/werkzeug/__init__.py
index ac216f0..e776ecd 100644
--- a/werkzeug/__init__.py
+++ b/werkzeug/__init__.py
@@ -19,7 +19,7 @@ import sys
 
 from werkzeug._compat import iteritems
 
-__version__ = '0.12.1'
+__version__ = '0.12.2-dev'
 
 
 # This import magic raises concerns quite often which is why the implementation
diff --git a/werkzeug/datastructures.py b/werkzeug/datastructures.py
index 1da50e2..ee620e9 100644
--- a/werkzeug/datastructures.py
+++ b/werkzeug/datastructures.py
@@ -13,7 +13,7 @@ import codecs
 import mimetypes
 from copy import deepcopy
 from itertools import repeat
-from collections import Container, Iterable, Mapping, MutableSet
+from collections import Container, Iterable, MutableSet
 
 from werkzeug._internal import _missing, _empty_stream
 from werkzeug._compat import iterkeys, itervalues, iteritems, iterlists, \
diff --git a/werkzeug/security.py b/werkzeug/security.py
index f523877..902226e 100644
--- a/werkzeug/security.py
+++ b/werkzeug/security.py
@@ -248,17 +248,23 @@ def check_password_hash(pwhash, password):
     return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)
 
 
-def safe_join(directory, filename):
-    """Safely join `directory` and `filename`.  If this cannot be done,
-    this function returns ``None``.
+def safe_join(directory, *pathnames):
+    """Safely join `directory` and one or more untrusted `pathnames`.  If this
+    cannot be done, this function returns ``None``.
 
     :param directory: the base directory.
     :param filename: the untrusted filename relative to that directory.
     """
-    filename = posixpath.normpath(filename)
-    for sep in _os_alt_seps:
-        if sep in filename:
+    parts = [directory]
+    for filename in pathnames:
+        if filename != '':
+            filename = posixpath.normpath(filename)
+        for sep in _os_alt_seps:
+            if sep in filename:
+                return None
+        if os.path.isabs(filename) or \
+           filename == '..' or \
+           filename.startswith('../'):
             return None
-    if os.path.isabs(filename) or filename.startswith('../'):
-        return None
-    return os.path.join(directory, filename)
+        parts.append(filename)
+    return posixpath.join(*parts)
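Review bot: The absolute-path guard in the new loop calls the platform's `os.path.isabs`, but the result is now built with `posixpath.join`, which discards `directory` whenever a later component begins with `/`. On a platform whose `isabs` does not treat a leading `/` as absolute, such a name would pass the guard and the join would return a path outside the base directory. Checking with the same module that does the join closes that gap, e.g. `if posixpath.isabs(filename) or os.path.isabs(filename) or \`. Separately, the docstring still documents `:param filename:` although the parameter is now `*pathnames`; it should read `:param pathnames: the untrusted path components relative to the base directory.`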
diff --git a/werkzeug/serving.py b/werkzeug/serving.py
index 4ddb74b..6a95465 100644
--- a/werkzeug/serving.py
+++ b/werkzeug/serving.py
@@ -279,7 +279,10 @@ class WSGIRequestHandler(BaseHTTPRequestHandler, object):
         return BaseHTTPRequestHandler.version_string(self).strip()
 
     def address_string(self):
-        return self.client_address[0]
+        if getattr(self, 'environ', None):
+            return self.environ['REMOTE_ADDR']
+        else:
+            return self.client_address[0]
 
     def port_integer(self):
         return self.client_address[1]
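Review bot: `address_string` now returns whatever the WSGI stack left in `environ['REMOTE_ADDR']`, and middleware such as `ProxyFix` (named in the changelog entry) can set that from a forwarded header, so the logged address is only as trustworthy as the proxy in front of the server. This deserves a comment on the new branch, for example `# environ may have been rewritten by proxy middleware; a client can choose this value unless a trusted proxy sets it`. The subscript would also raise `KeyError` if some middleware removed the key; `return self.environ.get('REMOTE_ADDR', self.client_address[0])` keeps logging from failing in that case. The class body starts and continues outside the hunk, so how `self.environ` is populated is not visible here.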

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-werkzeug.git


