Permalink
Browse files

only uppercase HTTP methods are allowed. (fix for bug@#176415)

  • Loading branch information...
1 parent a9df657 commit be46bf1b537ea621a3e8633a4614fcdeba2f31d7 @anandology anandology committed Dec 19, 2007
Showing with 5 additions and 0 deletions.
  1. +5 −0 web/webapi.py
View
@@ -303,6 +303,11 @@ def wsgifunc(func, *middleware):
def wsgifunc(env, start_resp):
_load(env)
+
+ # allow uppercase methods only
+ if ctx.method.upper() != ctx.method:
+ return notfound()
+
try:
result = func()
except StopIteration:

0 comments on commit be46bf1

Please sign in to comment.