Message 315668 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	benaryorg
Recipients	benaryorg
Date	2018-04-23.13:44:30
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1524491070.85.0.682650639539.issue33342@psf.upfronthosting.co.za>
In-reply-to

Content
The documentation specifies to follow RFC 2396 (https://tools.ietf.org/html/rfc2396.html) but fails to parse a user:password@host url in urllib.parse.urlsplit (https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlsplit) when the password contains an '[' character. This is because the urlsplit code does not strip the authority part (everything from index 0 up to and including the last '@') before checking whether the hostname contains '[' for detecting whether it's an IPv6 address (https://github.com/python/cpython/blob/8a6f4b4bba950fb8eead1b176c58202d773f2f70/Lib/urllib/parse.py#L416-L418).

The documentation specifies to follow RFC 2396 (https://tools.ietf.org/html/rfc2396.html) but fails to parse a user:password@host url in urllib.parse.urlsplit (https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlsplit) when the password contains an '[' character.
This is because the urlsplit code does not strip the authority part (everything from index 0 up to and including the last '@') before checking whether the hostname contains '[' for detecting whether it's an IPv6 address (https://github.com/python/cpython/blob/8a6f4b4bba950fb8eead1b176c58202d773f2f70/Lib/urllib/parse.py#L416-L418).

History
Date	User	Action	Args
2018-04-23 13:44:30	benaryorg	set	recipients: + benaryorg
2018-04-23 13:44:30	benaryorg	set	messageid: <1524491070.85.0.682650639539.issue33342@psf.upfronthosting.co.za>
2018-04-23 13:44:30	benaryorg	link	issue33342 messages
2018-04-23 13:44:30	benaryorg	create