diff options
| author | Tim Graham <timograham@gmail.com> | 2018-02-24 16:22:43 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-02-27 13:56:26 -0500 |
| commit | a91436360b79a6ff995c3e5018bcc666dfaf1539 (patch) | |
| tree | 2581958aedc8649eb5b1f91fde6cc9c651ed2c23 /django | |
| parent | abf89d729f210c692a50e0ad3f75fb6bec6fae16 (diff) | |
[1.11.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
Diffstat (limited to 'django')
| -rw-r--r-- | django/utils/text.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/django/utils/text.py b/django/utils/text.py index b0f139e034..a6172c41b0 100644 --- a/django/utils/text.py +++ b/django/utils/text.py @@ -29,7 +29,7 @@ def capfirst(x): # Set up regular expressions re_words = re.compile(r'<.*?>|((?:\w[-\w]*|&.*?;)+)', re.U | re.S) re_chars = re.compile(r'<.*?>|(.)', re.U | re.S) -re_tag = re.compile(r'<(/)?([^ ]+?)(?:(\s*/)| .*?)?>', re.S) +re_tag = re.compile(r'<(/)?(\S+?)(?:(\s*/)|\s.*?)?>', re.S) re_newlines = re.compile(r'\r\n|\r') # Used in normalize_newlines re_camel_case = re.compile(r'(((?<=[a-z])[A-Z])|([A-Z](?![A-Z]|$)))') |