From: Florian Best <best@univention.de>
Date: Fri, 1 Oct 2021 22:53:50 +0000 (+0200)
Subject: fix[web]: disallow negative quality values in Accept-Language
X-Git-Tag: v6.2.0b1~35^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d28e288608889ab242b07495e8d4aeac9a6a6508;p=thirdparty%2Ftornado.git

fix[web]: disallow negative quality values in Accept-Language

`Accept-Language: en-US; q=-1` is not allowed. ignore it.
Even better would be to raise HTTP 400 Bad Request.
---

diff --git a/tornado/web.py b/tornado/web.py
index 8cbb2b43b..085d61dd8 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1289,6 +1289,8 @@ class RequestHandler(object):
                 if len(parts) > 1 and parts[1].strip().startswith("q="):
                     try:
                         score = float(parts[1].strip()[2:])
+                        if score < 0:
+                            raise ValueError()
                     except (ValueError, TypeError):
                         score = 0.0
                 else: