➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-12-28 15:42 by nagdon, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 24181 | closed | Fongeme, 2021-01-09 20:31 | |
| Messages (2) | |||
|---|---|---|---|
| msg383898 - (view) | Author: Donát Nagy (nagdon) | Date: 2020-12-28 15:42 | |
The is_suburi(self, base, test) method of HTTPPasswordMgr in the urllib.request module tries to "Check if test is below base in a URI tree", but it uses the posixpath.commonprefix() function. This is problematic because commonprefix ignores the path structure (for example commonprefix(['/usr/lib', '/usr/local/lib'])=='/usr/l') and therefore the current implementation of is_suburi is essentially equivalent to calling str.startswith after some normalization steps. If we want to say that example.com/resource101 is *NOT* below example.com/resource1 in a URI tree, then the call to commonprefix should be replaced by a call to posixpath.commonpath(), which does the right thing. |
|||
| msg413986 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) *  |
Date: 2022-02-25 12:00 | |
Sorry I did not notice this issue. It is now solved in issue46756. In any case thank you for the report and the PR. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:39 | admin | set | github: 86932 |
| 2022-02-25 12:00:31 | serhiy.storchaka | set | status: open -> closed superseder: Incorrect authorization check in urllib.request nosy: + serhiy.storchaka messages: + msg413986 resolution: duplicate stage: patch review -> resolved |
| 2021-07-06 21:38:32 | terry.reedy | set | nosy:
+ orsenthil |
| 2021-01-09 20:31:09 | Fongeme | set | keywords:
+ patch nosy: + Fongeme pull_requests: + pull_request23007 stage: patch review |
| 2020-12-28 15:42:33 | nagdon | create | |