
web: don't echo back invalid service names

This prevents potential XSS attacks, which could have injected
arbitrary content under a domain by echoing back the unsupported
service name.
Dave Borowitz, 12 years ago
Parent
Current commit
290a16c8ee
1 file changed, with 1 insertion and 1 deletion

+ 1 - 1
dulwich/web.py

@@ -166,7 +166,7 @@ def get_info_refs(req, backend, mat):
     if service and not req.dumb:
         handler_cls = req.handlers.get(service, None)
         if handler_cls is None:
-            yield req.forbidden('Unsupported service %s' % service)
+            yield req.forbidden('Unsupported service')
             return
         req.nocache()
         write = req.respond(HTTP_OK, 'application/x-%s-advertisement' % service)
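
Review bot: The replacement line `yield req.forbidden('Unsupported service')` has no comment explaining why the requested name is left out, and the change touches only dulwich/web.py with no test, so a later cleanup could restore the `%s` interpolation for easier debugging. Suggest a one-line comment above it stating that `service` is client-supplied and must not be reflected in the response body, plus a regression test asserting that the forbidden response for an unknown service does not contain the requested name. If the name is still wanted for troubleshooting, record it in a server-side log rather than in the response. The remaining use of `service` in the content type on the last context line is reached only after `req.handlers.get(service, None)` returned a handler, so it is limited to registered names; it would be worth saying so in the same comment.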