From: Senthil Kumaran
Date: Thu, 17 Mar 2011 04:34:18 +0000 (+0800)
Subject: Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.
X-Git-Tag: v2.5.6c1~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3853586e0caa0d5c4342ac8bd7e78cb5766fa8cc;p=thirdparty%2FPython%2Fcpython.git

Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.
Patch by Tom N. (Backported from py3k codeline).
---
diff --git a/Lib/SimpleHTTPServer.py b/Lib/SimpleHTTPServer.py
index 86c669ea409e..286731d35495 100644
--- a/Lib/SimpleHTTPServer.py
+++ b/Lib/SimpleHTTPServer.py
@@ -16,6 +16,7 @@ import BaseHTTPServer
 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
@@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
 length = f.tell()
 f.seek(0)
 self.send_response(200)
- self.send_header("Content-type", "text/html")
+ encoding = sys.getfilesystemencoding()
+ self.send_header("Content-type", "text/html; charset=%s" % encoding)
 self.send_header("Content-Length", str(length))
 self.end_headers()
 return f
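Review bot: The new `encoding = sys.getfilesystemencoding()` line in the second hunk does not handle a `None` result, which Python 2 documents for Unix when `nl_langinfo(CODESET)` fails, so the following `send_header` call would emit `text/html; charset=None`. Browsers do not recognise that label and go back to guessing the encoding, which is the condition this patch is meant to remove. A fixed fallback keeps the header valid, for example `encoding = sys.getfilesystemencoding() or "utf-8"`. The enclosing method starts above the hunk, so whether the body bytes actually match the declared encoding cannot be confirmed from here.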