Author Lukasa
Recipients Lukasa, martin.panter, orsenthil, remram
Date 2016-07-19.19:18:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1468955924.75.0.368303009149.issue27568@psf.upfronthosting.co.za>
In-reply-to
Content
Ok, so I've taken a preliminary look at this patch. It looks good to me! I have one question: right now the patch as written will blow away not just HTTP_PROXY, but also any other mixed-case spelling of that name (e.g. HtTp_PrOxY) in a CGI environment.

That's *probably* not a concern: I think in practice such a spelling is almost never used. However, I wanted to draw it out explicitly: we should probably include a code comment that indicates that we know that it's a side effect of the code, and that we don't care.

For what it's worth, we should also consider commenting with a note regarding the CVE number assigned to Python. We may want to consider getting a CVE number for this specific fix as well, though I'd need to chat to someone in the PSRT at this point to get an idea of what they think.

Good work!
History
Date User Action Args
2016-07-19 19:18:44Lukasasetrecipients: + Lukasa, orsenthil, martin.panter, remram
2016-07-19 19:18:44Lukasasetmessageid: <1468955924.75.0.368303009149.issue27568@psf.upfronthosting.co.za>
2016-07-19 19:18:44Lukasalinkissue27568 messages
2016-07-19 19:18:44Lukasacreate