Message153528
I understand your point of view, but I disagree.
Various libraries and projects rely on urlparse.urlparse and urllib.parse.urlparse.
This bug just blew up in my face. I'm working with Cython and PyQt4.
When a developer relies on ParseResult().netloc being a valid netloc, and .port being None [bool(False)] or a integer between 1-65535 really bad things can happen in a environment that has 0-tolerance for security issues (like C/C++ mixed in python).
I agree that the
if self.scheme == "http":
return 80
elif self.scheme == "https":
[...]
part of my patch is debetable, but we should _at least_ ensure that IF there is a ParseResult().port, the developer can be sure that it is a valid port between 1-65545.
i apologize for upload the whole file; i attached the diff now.
regards,
dan |
|
Date |
User |
Action |
Args |
2012-02-17 02:18:55 | zulla | set | recipients:
+ zulla, orsenthil, r.david.murray |
2012-02-17 02:18:55 | zulla | set | messageid: <1329445135.32.0.140118467683.issue14036@psf.upfronthosting.co.za> |
2012-02-17 02:18:54 | zulla | link | issue14036 messages |
2012-02-17 02:18:54 | zulla | create | |
|