From d28e288608889ab242b07495e8d4aeac9a6a6508 Mon Sep 17 00:00:00 2001
From: Florian Best
Date: Sat, 2 Oct 2021 00:53:50 +0200
Subject: [PATCH] fix[web]: disallow negative quality values in Accept-Language
`Accept-Language: en-US; q=-1` is not allowed. ignore it. Even better would be to raise HTTP 400 Bad Request.
---
 tornado/web.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tornado/web.py b/tornado/web.py
index 8cbb2b43b..085d61dd8 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1289,6 +1289,8 @@ class RequestHandler(object):
 if len(parts) > 1 and parts[1].strip().startswith("q="):
 try:
 score = float(parts[1].strip()[2:])
+ if score < 0:
+ raise ValueError()
 except (ValueError, TypeError):
 score = 0.0
 else:
--
2.47.2
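Review bot: The added `if score < 0:` guard still accepts `q=nan`, `q=inf` and any value above 1, because `float()` parses those spellings and NaN compares false against 0. The header is client-controlled and a quality value is defined as 0 to 1, so an out-of-range score can outrank every legitimate entry, and a NaN used as a sort key would make the ordering unpredictable. Tightening the check to `if not 0 <= score <= 1: raise ValueError()` rejects all three cases, since NaN fails the chained comparison. The enclosing method continues outside the hunk, so how `score` is used afterwards is inferred rather than visible here.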