
#11662: Redirect vulnerability in urllib/urllib2

Created: 6 years, 8 months ago by guido
Modified: 6 years, 8 months ago
Reviewers:
CC: gvanrossum, barry, Georg, jcea, orsenthil, AntoinePitrou, haypo, Benjamin Peterson, Arfrever, r.david.murray, henri_nerv.fi, devnull_devnull, orsenthil, devnull_psf.upfronthosting.co.za
Visibility: Public.

Patch Set 1
Patch Set 2
Patch Set 3 (total comments: 6)
Patch Set 4
Patch Set 5 (total comments: 2)
Patch Set 6
Patch Set 7

Lib/test/test_urllib.py: 1 chunk, +14 lines, -0 lines, 0 comments
Lib/test/test_urllib2.py: 1 chunk, +21 lines, -0 lines, 0 comments
Lib/urllib.py: 1 chunk, +12 lines, -0 lines, 0 comments
Lib/urllib2.py: 1 chunk, +11 lines, -0 lines, 0 comments
Misc/NEWS: 1 chunk, +3 lines, -0 lines, 0 comments

Messages

Total messages: 2
gvanrossum
This looks fine to me but should probably be checked by a currently active core ...
6 years, 8 months ago #1
gvanrossum
6 years, 8 months ago #2
I've backported your tests to 2.5 in Patch 6, and changed my code to raise
IOError (urllib) or HTTPError (urllib2). Once I have general agreement on the
2.5 patch I will try to forward port.

http://bugs.python.org/review/11662/diff/2214/5066
File Lib/urllib/request.py (right):

http://bugs.python.org/review/11662/diff/2214/5066#newcode551
Lib/urllib/request.py:551: if not urlparts.scheme in ('http','https','ftp'):
Please add spaces after these commas (you have this problem in a few other
places too).

http://bugs.python.org/review/11662/diff/2214/5066#newcode1928
Lib/urllib/request.py:1928: errmsg + " Redirection to url '%s' is not allowed."
% newurl,
Please stick to the 80-column limit.

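The redirect scheme check quoted in the review comments above, written out as a stand-alone Python 3 function (an added example, not code from the patch or from CPython). The names resolve_redirect, classify and ALLOWED_REDIRECT_SCHEMES are hypothetical, the sample URLs are constructed, and resolving relative Location values with urljoin before checking the scheme is an assumption of this example.

```python
from urllib.error import HTTPError
from urllib.parse import urljoin, urlparse

# Schemes taken from the line quoted in the review. Everything else here
# (function names, sample URLs) is hypothetical and constructed.
ALLOWED_REDIRECT_SCHEMES = ('http', 'https', 'ftp')


def resolve_redirect(request_url, location, code=302, msg="Found", headers=None):
    """Return the absolute redirect target, or raise HTTPError when its
    scheme is not in the allowlist."""
    # Resolve relative Location values against the requested URL first, so
    # "/login" or "//host/path" is judged by the scheme it will really use.
    newurl = urljoin(request_url, location.strip())
    # urlparse lower-cases the scheme, so "HTTPS://" compares equal to "https".
    scheme = urlparse(newurl).scheme
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise HTTPError(
            newurl, code,
            "%s - Redirection to url '%s' is not allowed" % (msg, newurl),
            headers, None)
    return newurl


def classify(request_url, locations):
    """Map each Location value to the URL that would be followed, or to
    the string 'blocked' when the check rejects it."""
    results = {}
    for location in locations:
        try:
            results[location] = resolve_redirect(request_url, location)
        except HTTPError:
            results[location] = "blocked"
    return results


if __name__ == "__main__":
    # Constructed Location header values for a request to example.org.
    samples = [
        "/login",
        "//other.example.org/x",
        "HTTPS://example.org/next",
        "ftp://ftp.example.org/pub/file.txt",
        "file:///tmp/example",
        "data:text/plain,hi",
    ]
    outcome = classify("http://example.org/start", samples)
    for location, result in outcome.items():
        print("%-40s -> %s" % (location, result))
```
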