From 54e74e803911e7fb0f861eb33b5b0d053cb7e79b Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Sun, 23 Dec 2012 06:45:45 +0100 Subject: [PATCH] Disallow non-GET requests in wmako. --- wrw/wmako.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wrw/wmako.py b/wrw/wmako.py index 491d8b3..13ce342 100644 --- a/wrw/wmako.py +++ b/wrw/wmako.py @@ -1,6 +1,6 @@ import os, threading from mako import template, lookup, filters -import util, form, session, env +import util, form, session, env, resp # It seems Mako isn't thread-safe. makolock = threading.Lock() @@ -43,6 +43,8 @@ def handle(req, filename, **kw): @util.wsgiwrap def application(req): + if req.method not in ["GET", "HEAD"]: + raise resp.httperror(405) return handle(req, req.filename, form = form.formdata(req), session = session.get(req)) -- 2.11.0