diff options
Diffstat (limited to 'pyramid/httpexceptions.py')
| -rw-r--r-- | pyramid/httpexceptions.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pyramid/httpexceptions.py b/pyramid/httpexceptions.py index 44b854929..4d23db8d2 100644 --- a/pyramid/httpexceptions.py +++ b/pyramid/httpexceptions.py @@ -236,6 +236,11 @@ ${body}''') if WSGIHTTPException.body_template_obj is not body_tmpl: # Custom template; add headers to args for k, v in environ.items(): + if (not k.startswith('wsgi.')) and ('.' in k): + # omit custom environ variables, stringifying them may + # trigger code that should not be executed here; see + # https://github.com/Pylons/pyramid/issues/239 + continue args[k] = escape(v) for k, v in self.headers.items(): args[k.lower()] = escape(v) |