github/reddit
1
1
Fork 0
mirror of https://github.com/reddit-archive/reddit.git synced 2026-01-29 00:38:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Be more thorough in sanitizing for add_request_info.

Browse Source
This commit is contained in:
Neil Williams
2012-12-22 03:24:03 -08:00
parent bfa457c67f
commit ac118cebd8
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
r2/r2/lib/db/tdb_sql.py
View File

@@ -364,10 +364,10 @@ def get_write_table(tables):
else:
return tables[0]
_spaces = re.compile('[\s]+')
def add_request_info(select):
def sanitize(txt):
return _spaces.sub(' ', txt).replace("/", "|").replace("-", "_").replace(';', "").replace("*", "").replace(r"/", "")
return "".join(x if x.isalnum() else "."
for x in filters._force_utf8(txt))
tb = simple_traceback(limit=12)
try:
@@ -376,7 +376,7 @@ def add_request_info(select):
hasattr(request, 'user_agent')):
comment = '/*\n%s\n%s\n%s\n*/' % (
tb or "",
filters._force_utf8(sanitize(request.fullpath)),
sanitize(request.fullpath),
sanitize(request.ip))
return select.prefix_with(comment)
except UnicodeDecodeError: