diff -r 68d1ac152b5d Lib/http/server.py
--- a/Lib/http/server.py Mon Apr 29 10:23:08 2013 -0400
+++ b/Lib/http/server.py Wed May 01 23:47:56 2013 +0300
@@ -126,6 +126,11 @@
 def _quote_html(html):
 return html.replace("&", "&").replace("<", "<").replace(">", ">")
+# http://tools.ietf.org/html/rfc2616#section-6.1.1
+def _is_valid_status_code(code):
+ return isinstance(code, int) and 0 <= code <= 999
+
+
 class HTTPServer(socketserver.TCPServer):
 allow_reuse_address = 1 # Seems to make sense in testing environment
@@ -413,7 +418,7 @@
 a piece of HTML explaining the error to the user.
 """
-
+ code = _is_valid_status_code(code) and code or 500
 try:
 shortmsg, longmsg = self.responses[code]
 except KeyError:
@@ -440,6 +445,7 @@
 version and the current date.
 """
+ code = _is_valid_status_code(code) and code or 500
 self.log_request(code)
 self.send_response_only(code, message)
 self.send_header('Server', self.version_string())
diff -r 68d1ac152b5d Lib/test/test_httpservers.py
--- a/Lib/test/test_httpservers.py Mon Apr 29 10:23:08 2013 -0400
+++ b/Lib/test/test_httpservers.py Wed May 01 23:47:56 2013 +0300
@@ -98,6 +98,12 @@
 self.send_header('Connection', 'close')
 self.end_headers()
+ def do_INCORRECT(self):
+ self.send_response('incorrect_status')
+ self.send_header('Content-Type', 'text/html')
+ self.send_header('Connection', 'close')
+ self.end_headers()
+
 def do_LATINONEHEADER(self):
 self.send_response(999)
 self.send_header('X-Special', 'Dängerous Mind')
@@ -203,6 +209,11 @@
 res = self.con.getresponse()
 self.assertEqual(res.status, 999)
+ def test_trying_to_return_incorrect_status(self):
+ self.con.request('INCORRECT', '/')
+ res = self.con.getresponse()
+ self.assertEqual(res.status, 500)
+
 def test_latin1_header(self):
 self.con.request('LATINONEHEADER', '/', headers={
 'X-Special-Incoming': 'Ärger mit Unicode'
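Review bot: `_is_valid_status_code` in the `@@ -126,6 +126,11 @@` hunk accepts values that the RFC 2616 section cited in its own comment does not allow. That section defines Status-Code as a 3-digit integer, yet `0 <= code <= 999` admits 0 through 99, and `isinstance(code, int)` is also true for `True` and `False`. A check that matches the cited grammar would be `return isinstance(code, int) and not isinstance(code, bool) and 100 <= code <= 999`. A one-line docstring stating that the helper only checks type and range, not whether the code is a registered one, would also help the next reader.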
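Review bot: The `and ... or` idiom in `code = _is_valid_status_code(code) and code or 500`, added in the `@@ -413,7 +418,7 @@` hunk and again in the `@@ -440,6 +445,7 @@` hunk, turns a code of `0` into 500 even though the helper reports 0 as valid, because `0` is falsy. A conditional expression states the intent without that trap: `code = code if _is_valid_status_code(code) else 500`. The enclosing method starts above this hunk and continues below it, so how `code` is used afterwards is only partly visible here.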
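Review bot: In the `@@ -440,6 +445,7 @@` hunk the invalid value is overwritten before `self.log_request(code)` runs, so the access log shows an ordinary 500 and nothing records what the handler actually passed. An invalid status is a programming error in the handler, so it is worth reporting before the substitution, for example `self.log_error("invalid status code %r, sending 500", code)`, which lets it be found from the server log. The `message` argument forwarded to `send_response_only` on the next line is not checked by this change; whether it needs a CR/LF check depends on code outside this hunk.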
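Review bot: The test added in the `@@ -203,6 +209,11 @@` hunk sends only a `str` status through `send_response`, so the integer bounds in `_is_valid_status_code` and the identical substitution in the `@@ -413,7 +418,7 @@` hunk are not exercised. Handlers and tests for an out-of-range integer such as `1000` or `-1`, and for an invalid code on the error path, would pin the behaviour this commit introduces. The test class and its connection setup begin outside this hunk.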