]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a850ef6) | patch
Prevent HTTPoxy attack (CVE-2016-1000110)
authorSenthil Kumaran <senthil@uthcode.com>
Sat, 30 Jul 2016 12:49:53 +0000 (05:49 -0700)
committerSenthil Kumaran <senthil@uthcode.com>
Sat, 30 Jul 2016 12:49:53 +0000 (05:49 -0700)
commit75d7b615ba70fc5759d16dee95bbd8f0474d8a9c
tree6fedc2530db2160bf68039a3bf28b4fefbb39743tree | snapshot
parenta850ef698e55d07173051747e96207496c6f1bdbcommit | diff
Prevent HTTPoxy attack (CVE-2016-1000110)

Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue reported and patch contributed by RĂ©mi Rampin.
Doc/howto/urllib2.rst diff | blob | history
Doc/library/urllib.rst diff | blob | history
Doc/library/urllib2.rst diff | blob | history
Lib/test/test_urllib.py diff | blob | history
Lib/urllib.py diff | blob | history
Misc/ACKS diff | blob | history
Misc/NEWS diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.