Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fail with HTTP 400 for invalid headers 
Test malformed Accept-Charset quality values.

Fixes #1370
Closes #1707

Co-authored-by: Zach Seils (seils) <seils@cisco.com>
Co-authored-by: Zach Seils <zachseils@gmail.com>
  • Loading branch information
@webknjaz @seils
3 people committed May 28, 2018
1 parent 841f795 commit 38f199c
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 1 deletion.
17 changes: 16 additions & 1 deletion cherrypy/lib/httputil.py
View file
Expand Up @@ -18,6 +18,7 @@
from six.moves import range, builtins
from six.moves.BaseHTTPServer import BaseHTTPRequestHandler

import cherrypy
from cherrypy._cpcompat import ntob, ntou
from cherrypy._cpcompat import text_or_bytes
from cherrypy._cpcompat import unquote_qs
Expand Down Expand Up @@ -202,7 +203,21 @@ def qvalue(self):
val = self.params.get('q', '1')
if isinstance(val, HeaderElement):
val = val.value
return float(val)
try:
return float(val)
except ValueError as val_err:
"""Fail client requests with invalid quality value.
Ref: https://github.com/cherrypy/cherrypy/issues/1370
"""
six.raise_from(
cherrypy.HTTPError(
400,
'Malformed HTTP header: `{}`'.
format(str(self)),
),
val_err,
)

def __cmp__(self, other):
diff = builtins.cmp(self.qvalue, other.qvalue)
Expand Down
5 changes: 5 additions & 0 deletions cherrypy/test/test_encoding.py
View file
Expand Up @@ -360,6 +360,11 @@ def testEncoding(self):
self.getPage('/utf8', [('Accept-Charset', 'us-ascii, ISO-8859-1')])
self.assertStatus('406 Not Acceptable')

# Test malformed quality value, which should raise 400.
self.getPage('/mao_zedong', [('Accept-Charset',
'ISO-8859-1,utf-8;q=0.7,*;q=0.7)')])
self.assertStatus('400 Bad Request')

def testGzip(self):
zbuf = io.BytesIO()
zfile = gzip.GzipFile(mode='wb', fileobj=zbuf, compresslevel=9)
Expand Down

0 comments on commit 38f199c

Please sign in to comment.