Look at revisions 804, 808, and 811 in web2py's hg repos.
R804:
URL+XML, and oauth1.0 from Michele
=== (+6,-3) gluon/html.py ===
@@ -201,8 +201,8 @@
if regex_crlf.search(url):
raise SyntaxError, 'CRLF Injection Detected'
- return rewrite.filter_out(url, env)
-
+ return XML(rewrite.filter_out(url, env))
+
R808:
no more XML in URL, breaks scaffoling app
=== (+2,-2) gluon/html.py ===
@@ -201,7 +201,7 @@
if regex_crlf.search(url):
raise SyntaxError, 'CRLF Injection Detected'
- return XML(rewrite.filter_out(url, env))
+ return rewrite.filter_out(url, env)
R811:
fixed problem with URL, thanks Jonathan
=== (+14,-2) gluon/html.py ===
@@ -201,7 +201,7 @@
if regex_crlf.search(url):
raise SyntaxError, 'CRLF Injection Detected'
- return rewrite.filter_out(url, env)
+ return XML(rewrite.filter_out(url, env))
So which way is it? I think this still needs to be sorted out. I'm
going back to R803 for the time being. It looks like more than just
that one line needs to be changed, since both versions apparently
cause problems in different areas.
-Mike
