Author martin.panter
Recipients christian.heimes, martin.panter, matrixise, push0ebp
Date 2019-02-07.03:34:00
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1549510440.36.0.403946117452.issue35906@roundup.psfhosted.org>
In-reply-to
Content
Maybe related to Victor's "Issue 1" described in Issue 32085. That is also a security bug about CRLF in the URL's path, but was opened before Issue 30500 was opened and the code changed, so I'm not sure if it is the same as this or not.

Also there is Issue 13359, a proposal to automatically percent-encode invalid URLs. For a security fix, I'm not sure but it might be safer to raise an exception, rather than rewriting the invalid URL to a valid one.
History
Date User Action Args
2019-02-07 03:34:01martin.pantersetrecipients: + martin.panter, christian.heimes, matrixise, push0ebp
2019-02-07 03:34:00martin.pantersetmessageid: <1549510440.36.0.403946117452.issue35906@roundup.psfhosted.org>
2019-02-07 03:34:00martin.panterlinkissue35906 messages
2019-02-07 03:34:00martin.pantercreate