Message335000
Maybe related to Victor's "Issue 1" described in Issue 32085. That is also a security bug about CRLF in the URL's path, but was opened before Issue 30500 was opened and the code changed, so I'm not sure if it is the same as this or not.
Also there is Issue 13359, a proposal to automatically percent-encode invalid URLs. For a security fix, I'm not sure but it might be safer to raise an exception, rather than rewriting the invalid URL to a valid one. |
|
Date |
User |
Action |
Args |
2019-02-07 03:34:01 | martin.panter | set | recipients:
+ martin.panter, christian.heimes, matrixise, push0ebp |
2019-02-07 03:34:00 | martin.panter | set | messageid: <1549510440.36.0.403946117452.issue35906@roundup.psfhosted.org> |
2019-02-07 03:34:00 | martin.panter | link | issue35906 messages |
2019-02-07 03:34:00 | martin.panter | create | |
|