Message 76736 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	jjlee
Recipients	facundobatista, gregory.p.smith, jjlee, orsenthil, weijie90
Date	2008-12-02.13:00:13
SpamBayes Score	2.3355871e-07
Marked as misclassified	No
Message-id	<1228222815.22.0.392017514066.issue2464@psf.upfronthosting.co.za>
In-reply-to

Content
This fix was applied in the wrong place. URI path components, and HTTP URI path components in particular, can be empty. See RFC 3986. So the comment in the code that was inserted with the fix for this bug that says "possibly malformed" is incorrect, and should instead just refer to section 3.2.2 of RFC 2616. Also, because 3.2.2 says "If the abs_path is not present in the URL, it MUST be given as "/" when used as a Request-URI for a resource (section 5.1.2)", it seems clear that this transformation (add the slash if there's no path component) should always happen when retrieving URIs, regardless of where the URI came from -- not only for redirects. Note that RFC 2616 incorrectly claims to refer to the definition of abs_path from RFC 2396. The fact that it's incorrect is made clear in 2616 itself, in section 3.2.3, when it says that abs_path can be empty. In any case, RFC 2396 is obsoleted by RFC 3986, which is clear on this issue, and reflects actual usage of URIs. URIs like http://python.org and http://python.org?spam=eggs have been in widespread use for a long time, and typing the latter URL into firefox (3.0.2) confirms that what's actually sent is "/?spam", whereas urllib2 still sends "?spam". No test was added with this fix, which makes it unnecessarily hard to work out what exactly the fix was supposed to fix. For the record, this is the sequence of redirections before the fix was applied (showing base URI + redirect URI reference --> redirect URI): 'http://www.wikispaces.com' + 'https://session.wikispaces.com/session/auth?authToken=token' --> 'https://session.wikispaces.com/session/auth?authToken=token' 'https://session.wikispaces.com/session/auth?authToken=token' + 'http://www.wikispaces.com?responseToken=token' --> 'http://www.wikispaces.com?responseToken=token' and after the fix was applied: 'http://www.wikispaces.com' + 'https://session.wikispaces.com/session/auth?authToken=token' --> 'https://session.wikispaces.com/session/auth?authToken=token' 'https://session.wikispaces.com/session/auth?authToken=token' + 'http://www.wikispaces.com/?responseToken=token' --> 'http://www.wikispaces.com/?responseToken=token' 'http://www.wikispaces.com/?responseToken=token' + 'http://www.wikispaces.com/' --> 'http://www.wikispaces.com/'

This fix was applied in the wrong place.

URI path components, and HTTP URI path components in particular, *can*
be empty.  See RFC 3986.  So the comment in the code that was inserted
with the fix for this bug that says "possibly malformed" is incorrect,
and should instead just refer to section 3.2.2 of RFC 2616.  Also,
because 3.2.2 says "If the abs_path is not present in the URL, it MUST
be given as "/" when used as a Request-URI for a resource (section
5.1.2)", it seems clear that this transformation (add the slash if
there's no path component) should always happen when retrieving URIs,
regardless of where the URI came from -- not only for redirects.

Note that RFC 2616 incorrectly claims to refer to the definition of
abs_path from RFC 2396.  The fact that it's incorrect is made clear in
2616 itself, in section 3.2.3, when it says that abs_path can be empty.
 In any case, RFC 2396 is obsoleted by RFC 3986, which is clear on this
issue, and reflects actual usage of URIs.  URIs like http://python.org
and http://python.org?spam=eggs have been in widespread use for a long
time, and typing the latter URL into firefox (3.0.2) confirms that
what's actually sent is "/?spam", whereas urllib2 still sends "?spam".

No test was added with this fix, which makes it unnecessarily hard to
work out what exactly the fix was supposed to fix.  For the record, this
is the sequence of redirections before the fix was applied (showing base
URI + redirect URI reference --> redirect URI):

'http://www.wikispaces.com' +
'https://session.wikispaces.com/session/auth?authToken=token' -->
'https://session.wikispaces.com/session/auth?authToken=token'
'https://session.wikispaces.com/session/auth?authToken=token' +
'http://www.wikispaces.com?responseToken=token' -->
'http://www.wikispaces.com?responseToken=token'

and after the fix was applied:

'http://www.wikispaces.com' +
'https://session.wikispaces.com/session/auth?authToken=token' -->
'https://session.wikispaces.com/session/auth?authToken=token'
'https://session.wikispaces.com/session/auth?authToken=token' +
'http://www.wikispaces.com/?responseToken=token' -->
'http://www.wikispaces.com/?responseToken=token'
'http://www.wikispaces.com/?responseToken=token' +
'http://www.wikispaces.com/' --> 'http://www.wikispaces.com/'

History
Date	User	Action	Args
2008-12-02 13:00:15	jjlee	set	recipients: + jjlee, facundobatista, gregory.p.smith, orsenthil, weijie90
2008-12-02 13:00:15	jjlee	set	messageid: <1228222815.22.0.392017514066.issue2464@psf.upfronthosting.co.za>
2008-12-02 13:00:14	jjlee	link	issue2464 messages
2008-12-02 13:00:13	jjlee	create