Resolves#237
Previously, we were not running any sort of URL escaping on values
passed in from the client that were used for redirects. This allowed
injection attacks via URL encoded newlines in the original request.
This update ensures that all user-supplied paths that are used as
components of redirects are passed through `urllib.parse.quote()`
(or the python 2 equivalent) prior to being used in a redirect
response.
Also specified 127.0.0.1 rather than 0.0.0.0 (the default) in server
tests to avoid triggering firewall dialogs when testing on MacOS
+ FIX#104: Stopped parsing invalid package-versions prefixed with `v`;
they are invalid according to :pep-reference:`0440`.
+ Also support versions with epochs separated by `!` like `package-1!1.1.0`.
+ Move bottle-filename check on app module.
+ Standalone executable based on wheel.
+ Properly use `pkg_resources` so reading `welcome-msg` file
works even from within zip.
+ Mark `zip_safe=True` in setup.py.
+ Delete forgotten distutils startup script.
+ Build standalone before installing anything else,
to check if any deps are missing.
+ Restore py25 in Travis.
* Use stabdard python's logging lib.
* Log http-request/response/errors.
* Cmd-line options for logging-format and filename.
* Cmd-line options for request /response/error requests/responses/errors
props to log.
* Add `-v` option controlling verbosity.
* Add docs about new options.
* TCs only `-v` & `--log_file ` (logging statements used throughout all
tests).
The fix in commit 7f97612 for supporting the package naming used by the
pytz module caused a regression if the package name contained a dash
followed by a number. We fix this by splitting on all dashes followed by
numbers and recreating the package name from all components but the
last.
instead we use an iterator that returns all relevant information. that
simplifies the code quite a bit because we now mostly operate on the
iterators result instead of handling filenames, versions, prefixes...
