Message 150710 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	joneskoo
Recipients	carljm, jcea, joneskoo, maker, orsenthil
Date	2012-01-06.02:27:28
SpamBayes Score	1.2888851e-10
Marked as misclassified	No
Message-id	<1325816850.55.0.653037923483.issue13642@psf.upfronthosting.co.za>
In-reply-to

Content
> Regarding unittests instead, there is already a method called > test_userpass_inurl which could be extended with some tests on a > password containing spaces ( Lib/test/test_urllib.py:263). But what > I haven't yet understood is: does it really exists a user:pass in > python.org? Note Lib/test/test_urllib.py:261 ; there is a fake HTTP wrapper in the test. So the request is not really sent. I modified FakeHTTPConnection to store the sent HTTP request. I also copied the test you mentioned from python3 to 2.7. The second test I add in the patch fails. The test should pass with python2.5 from OS X (did not run the test but checked headers against netcat). Please take a look at the tests I added. I'm not sure if geturl() should return the quoted version or not. But certainly the quoted version must not be used in the base64. If you think geturl() should return the quoted version, I'm fine with that - in principle characters like \n in the password could be bad in an URL unless quoted. Maybe the tests could ALSO be added to some other places, but I think this full path makes sense to check like this.

> Regarding unittests instead, there is already a method called
> test_userpass_inurl which could be extended with some tests on a
> password containing spaces ( Lib/test/test_urllib.py:263). But what
> I haven't yet understood is: does it really exists a user:pass in
> python.org?

Note Lib/test/test_urllib.py:261 ; there is a fake HTTP wrapper in the test. So the request is not really sent.

I modified FakeHTTPConnection to store the sent HTTP request. I also copied the test you mentioned from python3 to 2.7. The second test I add in the patch fails. The test should pass with python2.5 from OS X (did not run the test but checked headers against netcat).

Please take a look at the tests I added. I'm not sure if geturl() should return the quoted version or not. But certainly the quoted version must not be used in the base64. If you think geturl() should return the quoted version, I'm fine with that - in principle characters like \n in the password could be bad in an URL unless quoted.

Maybe the tests could ALSO be added to some other places, but I think this full path makes sense to check like this.

History
Date	User	Action	Args
2012-01-06 02:27:30	joneskoo	set	recipients: + joneskoo, jcea, orsenthil, carljm, maker
2012-01-06 02:27:30	joneskoo	set	messageid: <1325816850.55.0.653037923483.issue13642@psf.upfronthosting.co.za>
2012-01-06 02:27:29	joneskoo	link	issue13642 messages
2012-01-06 02:27:29	joneskoo	create