Created on 2012-01-02 18:40 by CRicky, last changed 2012-01-04 07:26 by orsenthil. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| 13696.diff | orsenthil, 2012-01-04 05:59 | |||
| Messages (5) | |||
|---|---|---|---|
| msg150473 - (view) | Author: CRicky (CRicky) | Date: 2012-01-02 18:40 | |
I had an HTTP redirection that worked perfectly on version 3.1.
On version 3.2, I get a HTTP error 302. In this redirection, I actually have 2 redirections. The last one does not work because it is a relative redirection, so urlparts.scheme is empty.
Some lines have been added in version 3.2 for security reason, but it also blocks relative links in 302 return.
To correct, I have added empty scheme in check:
if not urlparts.scheme in ('http', 'https', 'ftp', ''):
With that, it works correctly.
I don't make you any for 3 new chars. ;)
Best regards,
CRicky
|
|||
| msg150504 - (view) | Author: Antoine Pitrou (pitrou) *  |
Date: 2012-01-03 15:36 | |
CRicky's proposed changed looks reasonable to me - although it would be better with a unit test too :) |
|||
| msg150521 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2012-01-03 18:10 | |
(This is in reference to issue 11662.) I can't think of a way that this proposed change would bring back the original vulnerability, so go ahead. |
|||
| msg150591 - (view) | Author: Senthil Kumaran (orsenthil) * |
Date: 2012-01-04 05:59 | |
Here is the patch against 3.2. Something is wrong with the mercurial at the moment where 3.2 is shown as inactive. Once that is corrected, I shall commit and push this to 3.2 and cpython codelines. This bug is not present in 2.7 as different logic is followed in there. |
|||
| msg150593 - (view) | Author: Roundup Robot (python-dev) | Date: 2012-01-04 06:47 | |
New changeset 86141d28b20d by Senthil Kumaran in branch '3.2': Issue13696 - Fix 302 Redirection for Relative urls. http://hg.python.org/cpython/rev/86141d28b20d |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-07-31 03:38:24 | martin.panter | link | issue13651 superseder |
| 2015-04-11 06:35:18 | martin.panter | link | issue12275 superseder |
| 2015-04-11 06:33:59 | martin.panter | link | issue14767 superseder |
| 2012-01-04 07:26:30 | orsenthil | set | status: open -> closed resolution: fixed stage: test needed -> resolved |
| 2012-01-04 06:47:45 | python-dev | set | nosy:
+ python-dev messages: + msg150593 |
| 2012-01-04 05:59:29 | orsenthil | set | files:
+ 13696.diff keywords: + patch messages: + msg150591 |
| 2012-01-03 18:10:44 | gvanrossum | set | messages: + msg150521 |
| 2012-01-03 15:36:56 | pitrou | set | nosy:
+ pitrou, gvanrossum messages: + msg150504 |
| 2012-01-03 03:50:09 | meador.inge | set | nosy:
+ orsenthil stage: test needed versions: + Python 3.3 |
| 2012-01-02 18:40:30 | CRicky | create | |