Message 132010 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	barry, benjamin.peterson, georg.brandl, gvanrossum, orsenthil, pitrou, r.david.murray, vstinner
Date	2011-03-24.17:08:37
SpamBayes Score	0.00016340046
Marked as misclassified	No
Message-id	<1300986514.3957.16.camel@localhost.localdomain>
In-reply-to	<AANLkTi=z1yqK-Y4FZnSPHRKBTfokoi-JpzO=UdYRoTw=@mail.gmail.com>

Content
> > Senthil's patch allows a redirect to ftp while Guido's doesn't. > > That is a good question. Should we? It doesn't look like ftp: > participates in the vulnerability, but I'm not sure how useful it is > either. I would say accept it anyway. That way we minimize potential for compatibility breakage. (do we support "ftps" as well? I don't think so) > > Senthil's patch doesn't seem to fix urllib-inherited code, only > urllib2- (see FancyURLopener.redirect_internal()). > > Right, that's for Python 3. FancyURLopener is still present in Python 3 (even though we would like to deprecate it in 3.3).

> > Senthil's patch allows a redirect to ftp while Guido's doesn't.
> 
> That is a good question. Should we? It doesn't look like ftp:
> participates in the vulnerability, but I'm not sure how useful it is
> either.

I would say accept it anyway. That way we minimize potential for
compatibility breakage.
(do we support "ftps" as well? I don't think so)

> > Senthil's patch doesn't seem to fix urllib-inherited code, only
> urllib2- (see FancyURLopener.redirect_internal()).
> 
> Right, that's for Python 3.

FancyURLopener is still present in Python 3 (even though we would like
to deprecate it in 3.3).

History
Date	User	Action	Args
2011-03-24 17:08:38	pitrou	set	recipients: + pitrou, gvanrossum, barry, georg.brandl, orsenthil, vstinner, benjamin.peterson, r.david.murray
2011-03-24 17:08:38	pitrou	link	issue11662 messages
2011-03-24 17:08:37	pitrou	create