diff --git a/gunicorn/util.py b/gunicorn/util.py index e0101493..8a95e2e0 100644 --- a/gunicorn/util.py +++ b/gunicorn/util.py @@ -18,11 +18,13 @@ import traceback import inspect import errno import warnings +import cgi from gunicorn.errors import AppImportError -from gunicorn.six import text_type, string_types +from gunicorn.six import text_type from gunicorn.workers import SUPPORTED_WORKERS + MAXFD = 1024 REDIRECT_TO = getattr(os, 'devnull', '/dev/null') @@ -328,11 +330,11 @@ def write_error(sock, status_int, reason, mesg): %(reason)s -

%(reason)s

+

%(reason)s

%(mesg)s - """) % {"reason": reason, "mesg": mesg} + """) % {"reason": reason, "mesg": cgi.escape(mesg)} http = textwrap.dedent("""\ HTTP/1.1 %s %s\r diff --git a/gunicorn/workers/base.py b/gunicorn/workers/base.py index 27ef0db5..49b2f1fc 100644 --- a/gunicorn/workers/base.py +++ b/gunicorn/workers/base.py @@ -88,7 +88,7 @@ class Worker(object): raise SystemExit() Reloader(callback=changed).start() - # set enviroment' variables + # set environment' variables if self.cfg.env: for k, v in self.cfg.env.items(): os.environ[k] = v @@ -104,7 +104,7 @@ class Worker(object): util.set_non_blocking(p) util.close_on_exec(p) - # Prevent fd inherientence + # Prevent fd inheritance [util.close_on_exec(s) for s in self.sockets] util.close_on_exec(self.tmp.fileno()) @@ -159,24 +159,24 @@ class Worker(object): reason = "Bad Request" if isinstance(exc, InvalidRequestLine): - mesg = "
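Review bot: Only `mesg` is escaped in `write_error` in gunicorn/util.py, while `reason` is substituted into the same HTML template unescaped. The callers visible in this commit appear to pass fixed strings for it, but nothing in the function enforces that, so escape both: `""") % {"reason": cgi.escape(reason), "mesg": cgi.escape(mesg)}`. `cgi.escape` leaves quote characters alone by default, which is enough for element content but not if either value is ever moved into an attribute. It is also deprecated since Python 3.2 and removed in 3.8, so the `import cgi` added in the first hunk should be a fallback used only when `html.escape` cannot be imported. The body of `write_error` starts and ends outside the hunk.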

Invalid Request Line '%s'

" % str(exc) + mesg = "Invalid Request Line '%s'" % str(exc) elif isinstance(exc, InvalidRequestMethod): - mesg = "

Invalid Method '%s'

" % str(exc) + mesg = "Invalid Method '%s'" % str(exc) elif isinstance(exc, InvalidHTTPVersion): - mesg = "

Invalid HTTP Version '%s'

" % str(exc) + mesg = "Invalid HTTP Version '%s'" % str(exc) elif isinstance(exc, (InvalidHeaderName, InvalidHeader,)): - mesg = "

%s

" % str(exc) + mesg = "%s" % str(exc) if not req and hasattr(exc, "req"): req = exc.req # for access log elif isinstance(exc, LimitRequestLine): - mesg = "

%s

" % str(exc) + mesg = "%s" % str(exc) elif isinstance(exc, LimitRequestHeaders): - mesg = "

Error parsing headers: '%s'

" % str(exc) + mesg = "Error parsing headers: '%s'" % str(exc) elif isinstance(exc, InvalidProxyLine): - mesg = "

'%s'

" % str(exc) + mesg = "'%s'" % str(exc) elif isinstance(exc, ForbiddenProxyRequest): reason = "Forbidden" - mesg = "

Request forbidden

" + mesg = "Request forbidden" status_int = 403 self.log.debug("Invalid request from ip={ip}: {error}"\
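Review bot: The branches in gunicorn/workers/base.py now build `mesg` as plain text from `str(exc)`, which carries request-derived data, and nothing at this site says that the HTML escaping happens elsewhere. A comment above the `isinstance` chain such as `# mesg is plain text; it is HTML-escaped when the error page is rendered (util.write_error)` would keep a later edit from reintroducing markup or sending `mesg` to an unescaped sink. This assumes `mesg` reaches `util.write_error`, which the hunk does not show. As a style point, `mesg = "%s" % str(exc)` in the invalid-header and `LimitRequestLine` branches is just `mesg = str(exc)`. The enclosing method starts and ends outside the hunk.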