Update of /cvs-repository/Zope/lib/python/ZServer
In directory cvs.zope.org:/tmp/cvs-serv19060/lib/python/ZServer

Modified Files:
      Tag: Zope-2_7-branch
        HTTPResponse.py 
Log Message:
- Collector #1863: Prevent possibly sensitive information from leaking via
  the TransientObject's __repr__ method.


=== Zope/lib/python/ZServer/HTTPResponse.py 1.43.8.4 => 1.43.8.5 ===
--- Zope/lib/python/ZServer/HTTPResponse.py:1.43.8.4    Sun Aug 29 19:38:43 2004
+++ Zope/lib/python/ZServer/HTTPResponse.py     Sat Oct  1 09:18:19 2005
@@ -72,9 +72,11 @@
                 self.status == 200:
             self.setStatus('nocontent')
 
-        # add content length if not streaming
+        # add content length if not streaming or if the status is 
+        # not 304, where it's not allowed (see RFC 2616)
         if not headers.has_key('content-length') and \
-                not self._streaming:
+                not self._streaming and \
+                self.status not in (304,):
             self.setHeader('content-length',len(body))
 
 
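Review bot: The new comment at the top of this hunk reads "if not streaming or if the status is not 304", but the condition below it joins the tests with "and", so content-length is set only when the header is absent, the response is not streaming, and the status is not 304. Reword the comment to match, for example "add content length unless streaming or the status is 304, where it's not allowed (see RFC 2616)". The log message describes Collector #1863 and the TransientObject's __repr__ method, which nothing in this hunk touches, so the 304 change should get its own log entry. The one-element tuple in "self.status not in (304,)" is fine if more status codes are expected to join it; otherwise "self.status != 304" is easier to read.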

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins
