Package: python-bottle Version: 0.12.7-1+deb8u1 Severity: normal --- Please enter the report below this line. ---
Dear maintainer, the latest security update breaks existing code like the following script: #!/usr/bin/env python # coding=utf-8 import bottle @bottle.route('/', method='GET') def test(): return bottle.static_file('test.txt', root='.', mimetype=u'text/plain', download='test.txt') bottle.BaseRequest.MEMFILE_MAX = 5 * 1024 * 1024 bottle.debug(True) bottle.run(host='127.0.0.1', port=8080, reloader=True, server='cherrypy') Save a dummy file test.txt in the same directory and launch it with python 2.7 to try yourself. This used to work with version 0.12.7-1, now with 0.12.7-1+deb8u1 it shows this error in chromium: "The requested resource returned more bytes than the declared Content-Length." The actual trace as shown in the console where the script runs is: Critical error while processing request: / Error: TypeError("WSGI response header value u'text/plain' is not of type str.",) Traceback: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/bottle.py", line 960, in wsgi start_response(response._status_line, response.headerlist) File "/usr/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 2309, in start_response "WSGI response header value %r is not of type str." % v) TypeError: WSGI response header value u'text/plain' is not of type str. One workaround is to pass a string not a unicode string as mimetype: return bottle.static_file('test.txt', root='.', mimetype='text/plain', download='test.txt') At a minimum, it would be preferable to see the "Critical error while processing request" error not the "The requested resource returned more bytes than the declared Content-Length." one which is misleading. For maximum backward compatibility, and if that does not cause side-effects, it would be nice if unicode strings would be OK as they used to be. --- System information. --- Architecture: amd64 Kernel: Linux 3.16.0-4-amd64 Debian Release: 8.6 500 stable-updates ftp.it.debian.org 500 stable security.debian.org 500 stable ftp.it.debian.org 100 jessie-backports ftp.it.debian.org --- Package information. --- Package's Depends field is empty. Package's Recommends field is empty. Package's Suggests field is empty.
signature.asc
Description: OpenPGP digital signature