This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author mibanescu
Recipients mibanescu
Date 2008-12-16.19:27:10
SpamBayes Score 0.023691822
Marked as misclassified No
Message-id <1229455632.0.0.358250268025.issue4675@psf.upfronthosting.co.za>
In-reply-to
Content 
According to http://www.ietf.org/rfc/rfc2617.txt section 2, in basic
HTTP authentication the password can be any character (including newline).

urllib does the following:

_passwdprog = re.compile('^([^:]*):(.*)$')

That should be changed to:

_passwdprog = re.compile('^([^:]*):(.*)$', re.S)

otherwise newlines will not be caught by the second part of the regex,
and bad things are produced.

For a password with regular chars in it:

> python -c "import urllib; print urllib.splitpasswd('user:ab')"
('user', 'ab')

For a password with a newline:
> python -c "import urllib; print urllib.splitpasswd('user:a\nb')"
('user:a\nb', None)

The expected result should have been ('user', 'a\nb')
History
Date User Action Args
2008-12-16 19:27:12mibanescusetrecipients: + mibanescu
2008-12-16 19:27:12mibanescusetmessageid: <1229455632.0.0.358250268025.issue4675@psf.upfronthosting.co.za>
2008-12-16 19:27:10mibanesculinkissue4675 messages
2008-12-16 19:27:10mibanescucreate