New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urllib and urllib2 decode userinfo multiple times #46497
Comments
Both urllib and urllib2 call urllib.unquote() multiple times on data in The effect of this is that if the userinfo section of an FTP url should The proper behavior would be to only ever unquote a given data segment The solution would be to standardize where in urllib and urllib2 the I've attached a patchset for these suggested changes. Very superficial |
Fred: You most recently touched the code impacted by this test, does |
Re-assigned as per maintainers list. |
By confirming the "%2525" case, I guess this is really a bug. But the patch cause test_urllib2.py failed. I modified the patch to fix it. |
This bug exists on py3k also, so I worked out a patch for py3k, too. |
Thanks Ray Allen. Usually the patch against the py3k branch is enough, it will be ported to other branches. |
I am attaching a patch against py3k which adds some tests to demonstrate the original bug when issuing a Request() to a ftp:// URL. To do this, the tests add checks for user and passwd. The previous version of checks asserted that the .user and .passwd of the returned request should be "". Checking .user is necessary to verify the original bug. I was confused by a comment in the fixture, "ftp authentication not yet implemented by FTPHandler", which appeared to justify the assumption that .user and .passwd must be "". This may be true, but .user and .passwd are being set by the Request. The test includes the minimal augmentation to extend on the original behavior of the test. Someone with greater knowledge than I might look at that comment to see if it is out-of-date, or simply too vague. |
I can confirm that the combination of urllib_issue_updated.diff and urllib_ftptests_doubleencode.patch apply cleanly against py3k, that the added tests exercise the described bug, and that the full test suite passes after applying the patches. The patches look clean and conforming to PEP-8. |
Fixed in r86520 (py3k) and r86522 (release31-maint). Shall port to py2.7. |
back-ported to release27-maint in r86554. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: