From 3fe33cb348914a2dcbe7758541f167edd680cb6a Mon Sep 17 00:00:00 2001
From: klemek
Date: Mon, 4 May 2026 23:02:15 +0200
Subject: [PATCH] fix: sanitize requestline
---
 stapler/handlers.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/stapler/handlers.py b/stapler/handlers.py
index f00de8a..438260a 100644
--- a/stapler/handlers.py
+++ b/stapler/handlers.py
@@ -102,7 +102,12 @@ class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
 code = color + str(code.value) + logs.TermColor.RESET
 if size == "" and self.out_size > 0:
 size = str(self.out_size)
- args = (code, self.address_string(), self.host, self.requestline)
+ args = (
+ code,
+ self.address_string(),
+ self.host,
+ re.sub(r"[^\x00-\x7F]+", "?", self.requestline),
+ )
 fmt = "→ %s - %s - %s - %s"
 if size != "":
 args = (*args, size)
@@ -223,7 +228,12 @@ class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
 )

 def _pre_log_request(self) -> None: # pragma: no cover
- args = ("...", self.address_string(), self.host, self.requestline)
+ args = (
+ "...",
+ self.address_string(),
+ self.host,
+ re.sub(r"[^\x00-\x7F]+", "?", self.requestline),
+ )
 fmt = "← %s - %s - %s - %s"
 if self.in_size > 0:
 args = (*args, self.in_size)
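Review bot: The pattern `[^\x00-\x7F]+` in the new `args` tuple replaces only non-ASCII characters, so ASCII control characters in `self.requestline` (ESC, CR, backspace, DEL) still reach the log line unchanged. The `logs.TermColor` codes built just above suggest this output is rendered on a terminal, where such bytes are interpreted rather than displayed. Restricting the kept set to printable ASCII closes that gap: `re.sub(r"[^\x20-\x7E]+", "?", self.requestline)`. The identical expression in the `_pre_log_request` hunk needs the same change. The enclosing method starts and ends outside this hunk, so whether anything downstream escapes control characters is not visible here.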
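Review bot: `self.host` is passed to the log format unfiltered, right next to the filtered `self.requestline`, in both this tuple and the one in the first hunk. If it is taken from the client's Host header it is just as client-controlled and should go through the same filter. Because the filter now appears twice, one compiled module-level pattern such as `_LOG_UNSAFE = re.compile(r"[^\x20-\x7E]+")`, applied as `_LOG_UNSAFE.sub("?", value)` to both fields, would keep the two log paths in step. The diffstat's 12 insertions are all accounted for by the two tuples, so this commit adds no `import re`; confirm `handlers.py` already imports it. `_pre_log_request` continues past the end of the hunk.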