products/CPSPortlets

changeset 1340:be2279010927

#2151: HTTP response splitting condition
author Georges Racinet on Ishtar.racinet.fr <georges@racinet.fr>
date Thu, 06 May 2010 09:35:19 +0200
parents 78c67b1518b5
children 1d66577114a3 3fd38b02de6a
files CHANGES skins/cpsportlets_widgets/cpsportlet_change_language.py
diffstat 2 files changed, 3 insertions(+), 0 deletions(-) [+]
line diff
     1.1 --- a/CHANGES
     1.2 +++ b/CHANGES
     1.3 @@ -6,6 +6,7 @@
     1.4  -
     1.5  Bug fixes
     1.6  ~~~~~~~~~
     1.7 +- #2151: HTTP response splitting condition
     1.8  - #2074 (split navigation portlet method) : extended site map was broken
     1.9  New internal features
    1.10  ~~~~~~~~~~~~~~~~~~~~~
     2.1 --- a/skins/cpsportlets_widgets/cpsportlet_change_language.py
     2.2 +++ b/skins/cpsportlets_widgets/cpsportlet_change_language.py
     2.3 @@ -3,6 +3,8 @@
     2.4  if not lang:
     2.5      return
     2.6  
     2.7 +lang = lang.split()[0] # header splitting protection, see #2151
     2.8 +
     2.9  if REQUEST is None:
    2.10      REQUEST = context.REQUEST
    2.11