Changeset 920
- Timestamp:
- 01/10/06 09:40:43
- Files:
-
- trunk/cherrypy/_cputil.py (modified) (2 diffs)
- trunk/cherrypy/filters/staticfilter.py (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/cherrypy/_cputil.py
r910 r920 155 155 156 156 157 _HTTPErrorTemplate = '''<html> 157 _HTTPErrorTemplate = '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 158 <html> 158 159 <head> 159 160 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> 160 161 <title>%(status)s</title> 161 162 <style type="text/css"> 162 #powered By {163 #powered_by { 163 164 margin-top: 20px; 164 165 border-top: 2px solid black; … … 175 176 <p>%(message)s</p> 176 177 <pre id="traceback">%(traceback)s</pre> 177 <div id="powered By">178 <div id="powered_by"> 178 179 <span>Powered by <a href="http://www.cherrypy.org">CherryPy %(version)s</a></span> 179 180 </div> trunk/cherrypy/filters/staticfilter.py
r900 r920 39 39 extraPath = urllib.unquote(extraPath) 40 40 # If extraPath is "", filename will end in a slash 41 if '..' in extraPath: 42 # Disallow '..' (secutiry flaw) 43 raise cherrypy.HTTPError(403) # Forbidden 41 44 filename = os.path.join(staticDir, extraPath) 42 45
