[New-bugs-announce] [issue8704] cgitb sends a bogus HTTP header if the app crashes before finishing headers
Daniel Stutzbach
report at bugs.python.org
Thu May 13 16:12:52 CEST 2010
New submission from Daniel Stutzbach <daniel at stutzbachenterprises.com>:
If the CGI script crashes before finishing the headers, cgitb will emit invalid HTTP headers before showing the error message. Below are HTTP headers I received, captured with a packet sniffer. Note the "<--: spam".
HTTP/1.1 200 OK
Date: Thu, 13 May 2010 14:00:42 GMT
Server: Apache/2.2.9
<!--: spam
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Thu, 13 May 2010 14:00:42 GMT
Set-Cookie: ref=; path=/; HttpOnly
Transfer-Encoding: chunked
Content-Type: text/html
That string it emitted by cgitb.reset(), which is trying to reset the browser to a sane state so the error message will be shown. The problem can be easily fixed by having cgitb.reset() emit two CRLF pairs first, to ensure that we're done with the headers and emitting content:
- return '''<!--: spam
+ return '''\r\n\r\n<!--: spam
----------
components: Library (Lib)
messages: 105633
nosy: stutzbach
priority: normal
severity: normal
status: open
title: cgitb sends a bogus HTTP header if the app crashes before finishing headers
type: behavior
versions: Python 2.7, Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8704>
_______________________________________
More information about the New-bugs-announce
mailing list