@@ -100,30 +100,24 @@ cdef inline int _write_str(Writer* writer, str s):
100100# --------------- _serialize_headers ----------------------
101101
102102cdef str to_str(object s):
103- typ = type (s)
104- if typ is str :
103+ if type (s) is str :
105104 return < str > s
106- elif typ is _istr:
105+ elif type (s) is _istr:
107106 return PyObject_Str(s)
108107 elif not isinstance (s, str ):
109108 raise TypeError (" Cannot serialize non-str key {!r}"
110109 else :
111110 return str (s)
112111
113112
114- cdef void _safe_header(str string) except * :
115- if " \r " in string or " \n " in string:
116- raise ValueError (
117- " Newline or carriage return character detected in HTTP status message or "
118- " header. This is a potential security issue."
119- )
120-
121113
122114def _serialize_headers (str status_line , headers ):
123115 cdef Writer writer
124116 cdef object key
125117 cdef object val
126118 cdef bytes ret
119+ cdef str key_str
120+ cdef str val_str
127121
128122 _init_writer(& writer)
129123
@@ -136,16 +130,22 @@ def _serialize_headers(str status_line, headers):
136130 raise
137131
138132 for key, val in headers.items():
139- _safe_header(to_str(key))
140- _safe_header(to_str(val))
133+ key_str = to_str(key)
134+ val_str = to_str(val)
135+
136+ if " \r " in key_str or " \n " in key_str or " \r " in val_str or " \n " in val_str:
137+ raise ValueError (
138+ " Newline or carriage return character detected in HTTP status message or "
139+ " header. This is a potential security issue."
140+ )
141141
142- if _write_str(& writer, to_str(key) ) < 0 :
142+ if _write_str(& writer, key_str ) < 0 :
143143 raise
144144 if _write_byte(& writer, b' :' < 0 :
145145 raise
146146 if _write_byte(& writer, b' ' < 0 :
147147 raise
148- if _write_str(& writer, to_str(val) ) < 0 :
148+ if _write_str(& writer, val_str ) < 0 :
149149 raise
150150 if _write_byte(& writer, b' \r ' < 0 :
151151 raise
0 commit comments