Message77919
According to http://www.ietf.org/rfc/rfc2617.txt section 2, in basic
HTTP authentication the password can be any character (including newline).
urllib does the following:
_passwdprog = re.compile('^([^:]*):(.*)$')
That should be changed to:
_passwdprog = re.compile('^([^:]*):(.*)$', re.S)
otherwise newlines will not be caught by the second part of the regex,
and bad things are produced.
For a password with regular chars in it:
> python -c "import urllib; print urllib.splitpasswd('user:ab')"
('user', 'ab')
For a password with a newline:
> python -c "import urllib; print urllib.splitpasswd('user:a\nb')"
('user:a\nb', None)
The expected result should have been ('user', 'a\nb') |
|
Date |
User |
Action |
Args |
2008-12-16 19:27:12 | mibanescu | set | recipients:
+ mibanescu |
2008-12-16 19:27:12 | mibanescu | set | messageid: <1229455632.0.0.358250268025.issue4675@psf.upfronthosting.co.za> |
2008-12-16 19:27:10 | mibanescu | link | issue4675 messages |
2008-12-16 19:27:10 | mibanescu | create | |
|