Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

gh-143916: Reject control characters in wsgiref.headers.Headers#143917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged

Conversation

@sethmlarson
Copy link
Contributor

@sethmlarsonsethmlarson commentedJan 16, 2026
edited by bedevere-appbot
Loading

@sethmlarsonsethmlarson added type-securityA security issue needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes labelsJan 16, 2026
@gpsheadgpshead merged commitf7fceed intopython:mainJan 17, 2026
65 checks passed
@miss-islington-app
Copy link

Thanks@sethmlarson for the PR, and@gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11, 3.12, 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestJan 17, 2026
…pythonGH-143917)* Add 'test.support' fixture for C0 control characters*pythongh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)Co-authored-by: Seth Michael Larson <seth@python.org>
@miss-islington-app
Copy link

Sorry,@sethmlarson and@gpshead, I could not cleanly backport this to3.13 due to a conflict.
Please backport usingcherry_picker on command line.

cherry_picker f7fceed79ca1bceae8dbe5ba5bc8928564da7211 3.13

@miss-islington-app
Copy link

Sorry,@sethmlarson and@gpshead, I could not cleanly backport this to3.12 due to a conflict.
Please backport usingcherry_picker on command line.

cherry_picker f7fceed79ca1bceae8dbe5ba5bc8928564da7211 3.12

@bedevere-app
Copy link

GH-143972 is a backport of this pull request to the3.14 branch.

@bedevere-appbedevere-appbot removed the needs backport to 3.14bugs and security fixes labelJan 17, 2026
@miss-islington-app
Copy link

Sorry,@sethmlarson and@gpshead, I could not cleanly backport this to3.11 due to a conflict.
Please backport usingcherry_picker on command line.

cherry_picker f7fceed79ca1bceae8dbe5ba5bc8928564da7211 3.11

@miss-islington-app
Copy link

Sorry,@sethmlarson and@gpshead, I could not cleanly backport this to3.10 due to a conflict.
Please backport usingcherry_picker on command line.

cherry_picker f7fceed79ca1bceae8dbe5ba5bc8928564da7211 3.10

gpshead pushed a commit to gpshead/cpython that referenced this pull requestJan 17, 2026
…pythonGH-143917)* Add 'test.support' fixture for C0 control characters*pythongh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)
@gpshead
Copy link
Member

#143973 for 3.13

@bedevere-app
Copy link

GH-143973 is a backport of this pull request to the3.13 branch.

@bedevere-appbedevere-appbot removed the needs backport to 3.13bugs and security fixes labelJan 17, 2026
gpshead pushed a commit that referenced this pull requestJan 17, 2026
GH-143917) (#143972)gh-143916: Reject control characters in wsgiref.headers.Headers  (GH-143917)* Add 'test.support' fixture for C0 control characters*gh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead added a commit that referenced this pull requestJan 17, 2026
GH-143917) (#143973)gh-143916: Reject control characters in wsgiref.headers.Headers  (GH-143917)* Add 'test.support' fixture for C0 control characters*gh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead added a commit to gpshead/cpython that referenced this pull requestJan 17, 2026
…Headers (pythonGH-143917) (pythonGH-143973)pythongh-143916: Reject control characters in wsgiref.headers.Headers  (pythonGH-143917)* Add 'test.support' fixture for C0 control characters*pythongh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead added a commit to gpshead/cpython that referenced this pull requestJan 17, 2026
…Headers (pythonGH-143917) (pythonGH-143973)pythongh-143916: Reject control characters in wsgiref.headers.Headers  (pythonGH-143917)* Add 'test.support' fixture for C0 control characters*pythongh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead added a commit to gpshead/cpython that referenced this pull requestJan 17, 2026
…Headers (pythonGH-143917) (pythonGH-143973)pythongh-143916: Reject control characters in wsgiref.headers.Headers  (pythonGH-143917)* Add 'test.support' fixture for C0 control characters*pythongh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>Co-authored-by: Seth Michael Larson <seth@python.org>
@bedevere-bot
Copy link

⚠️⚠️⚠️ Buildbot failure⚠️⚠️⚠️

Hi! The buildbotARM64 macOS 3.13 (tier-2) has failed when building commit22e4d55.

What do you need to do:

  1. Don't panic.
  2. Checkthe buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1404/builds/1475) and take a look at the build logs.
  4. Check if the failure is related to this commit (22e4d55) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1404/builds/1475

Failed tests:

  • test_urllib2net

Summary of the results of the build (if available):

==

Click to see traceback logs
remote:Enumerating objects: 14, done.remote:Counting objects:   8% (1/12)remote:Counting objects:  16% (2/12)remote:Counting objects:  25% (3/12)remote:Counting objects:  33% (4/12)remote:Counting objects:  41% (5/12)remote:Counting objects:  50% (6/12)remote:Counting objects:  58% (7/12)remote:Counting objects:  66% (8/12)remote:Counting objects:  75% (9/12)remote:Counting objects:  83% (10/12)remote:Counting objects:  91% (11/12)remote:Counting objects: 100% (12/12)remote:Counting objects: 100% (12/12), done.remote:Total 14 (delta 11), reused 11 (delta 11), pack-reused 2 (from 1)From https://github.com/python/cpython * branch                    3.13       -> FETCH_HEADNote:switching to '22e4d55285cee52bc4dbe061324e5f30bd4dee58'.You are in 'detached HEAD' state. You can look around, make experimentalchanges and commit them, and you can discard any commits you make in thisstate without impacting any branches by switching back to a branch.If you want to create a new branch to retain commits you create, you maydo so (now or later) by using -c with the switch command. Example:  git switch -c <new-branch-name>Or undo this operation with:  git switch -Turn off this advice by setting config variable advice.detachedHead to falseHEAD is now at 22e4d55285c [3.13] gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917) (#143973)Switched to and reset branch '3.13'./Modules/selectmodule.c:1988:35: warning: cast from 'PyObject *(*)(PyObject *)' (aka 'struct _object *(*)(struct _object *)') to 'PyCFunction' (aka 'struct _object *(*)(struct _object *, struct _object *)') converts to incompatible function type [-Wcast-function-type-mismatch] 1988 |     "kqueue_tracking_after_fork", (PyCFunction)kqueue_tracking_after_fork,|^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1 warning generated.make:*** [buildbottest] Error 2

Yhg1s pushed a commit that referenced this pull requestJan 19, 2026
GH-143917) (GH-143973) (#143974)* Add 'test.support' fixture for C0 control characters*gh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Seth Michael Larson <seth@python.org>
sethmlarson added a commit that referenced this pull requestJan 20, 2026
gh-143916: Reject control characters in wsgiref.headers.Headers  (GH-143917)* Add 'test.support' fixture for C0 control characters*gh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Seth Michael Larson <seth@python.org>
sethmlarson added a commit that referenced this pull requestJan 20, 2026
gh-143916: Reject control characters in wsgiref.headers.Headers  (GH-143917)* Add 'test.support' fixture for C0 control characters*gh-143916: Reject control characters in wsgiref.headers.Headers(cherry picked from commitf7fceed)(cherry picked from commit22e4d55)Co-authored-by: Seth Michael Larson <seth@python.org>
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@webknjazwebknjazwebknjaz left review comments

@picnixzpicnixzpicnixz left review comments

@gpsheadgpsheadgpshead approved these changes

Assignees

@gpsheadgpshead

Labels

needs backport to 3.10only security fixesneeds backport to 3.11only security fixesneeds backport to 3.12only security fixestype-securityA security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sethmlarson@gpshead@bedevere-bot@webknjaz@picnixz
[8]ページ先頭
©2009-2026 Movatter.jp