diff options
| author | Chris McDonough <chrism@plope.com> | 2011-09-08 03:08:26 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2011-09-08 03:08:26 -0400 |
| commit | 3bbe82491853f5eb8f94858d73d8e0cb2a0603c4 (patch) | |
| tree | e28bf58d26e57dc6b96eac5d6746ccdd0678d0e0 | |
| parent | 0ab0b9ef8a970584e5ef3fdf7d6943e456b95380 (diff) | |
| download | pyramid-3bbe82491853f5eb8f94858d73d8e0cb2a0603c4.tar.gz pyramid-3bbe82491853f5eb8f94858d73d8e0cb2a0603c4.tar.bz2 pyramid-3bbe82491853f5eb8f94858d73d8e0cb2a0603c4.zip | |
privatize
| -rw-r--r-- | pyramid/static.py | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/pyramid/static.py b/pyramid/static.py index 72a76a014..63c7dea73 100644 --- a/pyramid/static.py +++ b/pyramid/static.py @@ -167,21 +167,21 @@ class static_view(object): url = url + '?' + qs return HTTPMovedPermanently(url) -has_insecure_pathelement = set(['..', '.', '']).intersection -seps = set(['/', os.sep]) -def contains_slash(item): - for sep in seps: +_has_insecure_pathelement = set(['..', '.', '']).intersection +_seps = set(['/', os.sep]) +def _contains_slash(item): + for sep in _seps: if sep in item: return True @lru_cache(1000) def _secure_path(path_tuple): - if has_insecure_pathelement(path_tuple): + if _has_insecure_pathelement(path_tuple): # belt-and-suspenders security; this should never be true # unless someone screws up the traversal_path code # (request.subpath is computed via traversal_path too) return None - if any([contains_slash(item) for item in path_tuple]): + if any([_contains_slash(item) for item in path_tuple]): return None encoded = u'/'.join(path_tuple) # will be unicode return encoded |