changeset 6132:df65dcf7daea

upgrade werkzeug to 0.12.2
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Thu, 01 Jun 2017 17:49:42 +0200
parents cb45a8287559
children a6283e189869
files MoinMoin/support/werkzeug/__init__.py MoinMoin/support/werkzeug/datastructures.py MoinMoin/support/werkzeug/security.py MoinMoin/support/werkzeug/serving.py docs/CHANGES
diffstat 5 files changed, 23 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/support/werkzeug/__init__.py	Thu Jun 01 17:40:41 2017 +0200
+++ b/MoinMoin/support/werkzeug/__init__.py	Thu Jun 01 17:49:42 2017 +0200
@@ -19,7 +19,7 @@
 
 from werkzeug._compat import iteritems
 
-__version__ = '0.12.1'
+__version__ = '0.12.2'
 
 
 # This import magic raises concerns quite often which is why the implementation
--- a/MoinMoin/support/werkzeug/datastructures.py	Thu Jun 01 17:40:41 2017 +0200
+++ b/MoinMoin/support/werkzeug/datastructures.py	Thu Jun 01 17:49:42 2017 +0200
@@ -13,7 +13,7 @@
 import mimetypes
 from copy import deepcopy
 from itertools import repeat
-from collections import Container, Iterable, Mapping, MutableSet
+from collections import Container, Iterable, MutableSet
 
 from werkzeug._internal import _missing, _empty_stream
 from werkzeug._compat import iterkeys, itervalues, iteritems, iterlists, \
--- a/MoinMoin/support/werkzeug/security.py	Thu Jun 01 17:40:41 2017 +0200
+++ b/MoinMoin/support/werkzeug/security.py	Thu Jun 01 17:49:42 2017 +0200
@@ -248,17 +248,23 @@
     return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)
 
 
-def safe_join(directory, filename):
-    """Safely join `directory` and `filename`.  If this cannot be done,
-    this function returns ``None``.
+def safe_join(directory, *pathnames):
+    """Safely join `directory` and one or more untrusted `pathnames`.  If this
+    cannot be done, this function returns ``None``.
 
     :param directory: the base directory.
     :param filename: the untrusted filename relative to that directory.
     """
-    filename = posixpath.normpath(filename)
-    for sep in _os_alt_seps:
-        if sep in filename:
+    parts = [directory]
+    for filename in pathnames:
+        if filename != '':
+            filename = posixpath.normpath(filename)
+        for sep in _os_alt_seps:
+            if sep in filename:
+                return None
+        if os.path.isabs(filename) or \
+           filename == '..' or \
+           filename.startswith('../'):
             return None
-    if os.path.isabs(filename) or filename.startswith('../'):
-        return None
-    return os.path.join(directory, filename)
+        parts.append(filename)
+    return posixpath.join(*parts)
--- a/MoinMoin/support/werkzeug/serving.py	Thu Jun 01 17:40:41 2017 +0200
+++ b/MoinMoin/support/werkzeug/serving.py	Thu Jun 01 17:49:42 2017 +0200
@@ -279,7 +279,10 @@
         return BaseHTTPRequestHandler.version_string(self).strip()
 
     def address_string(self):
-        return self.client_address[0]
+        if getattr(self, 'environ', None):
+            return self.environ['REMOTE_ADDR']
+        else:
+            return self.client_address[0]
 
     def port_integer(self):
         return self.client_address[1]
--- a/docs/CHANGES	Thu Jun 01 17:40:41 2017 +0200
+++ b/docs/CHANGES	Thu Jun 01 17:49:42 2017 +0200
@@ -16,13 +16,13 @@
     editor_force = True
     editor_default = 'text'  # internal default, just for completeness
 
-Version 1.9.10rc1 2017-04-xx
+Version 1.9.10rc1 2017-06-xx
 
   Fixes:
   * fix wrong digestmod of hmac.new calls (incorporate 1.9.9 patch)
 
   Other changes:
-  * upgrade werkzeug to 0.12.1
+  * upgrade werkzeug to 0.12.2
   * upgrade passlib to 1.7.1