[gentoo-commits] repo/gentoo:master commit in: dev-python/dugong/files/, dev-python/dugong/

Wed, 10 May 2017 19:29:37 -0700 

commit:     1721223b34a915107fc2906e5d2b212c8b9d91a7
Author:     Zac Medico <zmedico <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 02:24:12 2017 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Thu May 11 02:29:04 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1721223b

dev-python/dugong: Add python3.6 to PYTHON_COMPAT

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 dev-python/dugong/dugong-3.7.ebuild                |  6 ++-
 .../dugong/files/dugong-3.7-test-html-escape.patch | 46 ++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/dev-python/dugong/dugong-3.7.ebuild 
b/dev-python/dugong/dugong-3.7.ebuild
index 105c42266bd..326f69c1fc6 100644
--- a/dev-python/dugong/dugong-3.7.ebuild
+++ b/dev-python/dugong/dugong-3.7.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-PYTHON_COMPAT=( python3_{4,5} )
+PYTHON_COMPAT=( python3_{4,5,6} )
 
 inherit distutils-r1
 
@@ -21,6 +21,10 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
                dev-python/pytest-catchlog[${PYTHON_USEDEP}]
        )"
 
+PATCHES=(
+       "${FILESDIR}"/${P}-test-html-escape.patch
+)
+
 python_test() {
        py.test -v || die "Tests failed under ${EPYTHON}"
 }

diff --git a/dev-python/dugong/files/dugong-3.7-test-html-escape.patch 
b/dev-python/dugong/files/dugong-3.7-test-html-escape.patch
new file mode 100644
index 00000000000..ba2ee587d0c
--- /dev/null
+++ b/dev-python/dugong/files/dugong-3.7-test-html-escape.patch
@@ -0,0 +1,46 @@
+# HG changeset patch
+# User Zac Medico <zmed...@gentoo.org>
+# Date 1494468556 25200
+# Branch test-quote-html
+# Node ID b8a28438442ec12cd4067fd3240d9afc8e6998da
+# Parent  a986296769f3fc4daa0f29fe28b857f43d05634d
+Use html.escape for python3.6 compat
+
+https://bitbucket.org/nikratio/python-dugong/pull-requests/3
+
+diff --git a/test/test_dugong.py b/test/test_dugong.py
+--- a/test/test_dugong.py
++++ b/test/test_dugong.py
+@@ -24,7 +24,7 @@
+ from dugong import (HTTPConnection, BodyFollowing, CaseInsensitiveDict, _join,
+                     ConnectionClosed)
+ import dugong
+-from http.server import BaseHTTPRequestHandler, _quote_html
++from http.server import BaseHTTPRequestHandler
+ from io import TextIOWrapper
+ from base64 import b64encode
+ import http.client
+@@ -34,6 +34,7 @@
+ import ssl
+ import re
+ import os
++import html
+ import hashlib
+ import threading
+ import socketserver
+@@ -1163,9 +1164,12 @@
+             message = shortmsg
+         explain = longmsg
+         self.log_error("code %d, message %s", code, message)
+-        # using _quote_html to prevent Cross Site Scripting attacks (see bug 
#1100201)
+-        content = (self.error_message_format % {'code': code, 'message': 
_quote_html(message),
+-                                               'explain': 
explain}).encode('utf-8', 'replace')
++        # HTML encode to prevent Cross Site Scripting attacks (see bug 
#1100201)
++        content = (self.error_message_format % {
++            'code': code,
++            'message': html.escape(message, quote=False),
++            'explain': explain
++        }).encode('utf-8', 'replace')
+         self.send_response(code, message)
+         self.send_header("Content-Type", self.error_content_type)
+         self.send_header("Content-Length", str(len(content)))

Reply via email to