Message 335000 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	martin.panter
Recipients	christian.heimes, martin.panter, matrixise, push0ebp
Date	2019-02-07.03:34:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1549510440.36.0.403946117452.issue35906@roundup.psfhosted.org>
In-reply-to

Content
Maybe related to Victor's "Issue 1" described in Issue 32085. That is also a security bug about CRLF in the URL's path, but was opened before Issue 30500 was opened and the code changed, so I'm not sure if it is the same as this or not. Also there is Issue 13359, a proposal to automatically percent-encode invalid URLs. For a security fix, I'm not sure but it might be safer to raise an exception, rather than rewriting the invalid URL to a valid one.

Maybe related to Victor's "Issue 1" described in Issue 32085. That is also a security bug about CRLF in the URL's path, but was opened before Issue 30500 was opened and the code changed, so I'm not sure if it is the same as this or not.

Also there is Issue 13359, a proposal to automatically percent-encode invalid URLs. For a security fix, I'm not sure but it might be safer to raise an exception, rather than rewriting the invalid URL to a valid one.

History
Date	User	Action	Args
2019-02-07 03:34:01	martin.panter	set	recipients: + martin.panter, christian.heimes, matrixise, push0ebp
2019-02-07 03:34:00	martin.panter	set	messageid: <1549510440.36.0.403946117452.issue35906@roundup.psfhosted.org>
2019-02-07 03:34:00	martin.panter	link	issue35906 messages
2019-02-07 03:34:00	martin.panter	create