]> git.ipfire.org Git - thirdparty/tornado.git/commitdiff
projects / thirdparty / tornado.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 455eb29)
fix[web]: disallow negative quality values in Accept-Language
authorFlorian Best <best@univention.de>
Fri, 1 Oct 2021 22:53:50 +0000 (00:53 +0200)
committerFlorian Best <best@univention.de>
Fri, 1 Oct 2021 22:53:53 +0000 (00:53 +0200)
`Accept-Language: en-US; q=-1` is not allowed. ignore it.
Even better would be to raise HTTP 400 Bad Request.

tornado/web.py patch | blob | blame | history

diff --git a/tornado/web.py b/tornado/web.py
index 8cbb2b43be35afff9b4bc9f66bc4a28443843721..085d61dd8e93c404fb8f8fdd72f2fc997a6fb28f 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1289,6 +1289,8 @@ class RequestHandler(object):
                 if len(parts) > 1 and parts[1].strip().startswith("q="):
                     try:
                         score = float(parts[1].strip()[2:])
+                        if score < 0:
+                            raise ValueError()
                     except (ValueError, TypeError):
                         score = 0.0
                 else:
Mirror of https://github.com/tornadoweb/tornado.git