Commit e7ba63f0 authored by Jean Michel Rouly's avatar Jean Michel Rouly

Escape cookie values.

parent 166d23ea
from cgi import escape
import random
import time
import math
......@@ -22,7 +23,7 @@ def get_cookie_value( environ ):
cookie.load(environ['HTTP_COOKIE']);
if cookie.has_key('user'):
user_hash = cookie['user'].value
return user_hash
return escape(user_hash)
return None
......@@ -381,13 +382,13 @@ def piwik_track( environ, page ):
from piwikapi.tests.request import FakeRequest
headers = {
'HTTP_USER_AGENT': environ.get('HTTP_USER_AGENT'),
'REMOTE_ADDR': environ.get('REMOTE_ADDR'),
'HTTP_REFERER': environ.get('HTTP_REFERER'),
'HTTP_ACCEPT_LANGUAGE': environ.get('HTTP_ACCEPT_LANGUAGE'),
'SERVER_NAME': environ.get('SERVER_NAME'),
'PATH_INFO': environ.get('PATH_INFO'),
'QUERY_STRING': environ.get('QUERY_STRING'),
'HTTP_USER_AGENT': escape(environ.get('HTTP_USER_AGENT')),
'REMOTE_ADDR': escape(environ.get('REMOTE_ADDR')),
'HTTP_REFERER': escape(environ.get('HTTP_REFERER')),
'HTTP_ACCEPT_LANGUAGE': escape(environ.get('HTTP_ACCEPT_LANGUAGE')),
'SERVER_NAME': escape(environ.get('SERVER_NAME')),
'PATH_INFO': escape(environ.get('PATH_INFO')),
'QUERY_STRING': escape(environ.get('QUERY_STRING')),
'HTTPS': False,
}
......
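Review bot: In the piwik_track headers dict, `escape(environ.get('HTTP_REFERER'))` and its siblings pass None to cgi.escape whenever the request lacks that key, which raises AttributeError; Referer and Accept-Language are routinely absent, so such a request would fail here. A guard such as `escape(environ.get('HTTP_REFERER') or '')` on each entry keeps tracking working. HTML-escaping also rewrites `&` in QUERY_STRING to `&amp;`, so the value handed to the tracker no longer matches the request; if the aim is to stop markup injection, encoding where the value is written into HTML is the safer place. In get_cookie_value, cgi.escape leaves quotes unescaped unless `quote=True` is passed, so `return escape(user_hash, quote=True)`, or a check that user_hash matches the expected hash format, would be stronger. Both function bodies continue outside the visible hunks.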