]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5f38b84) | patch
bpo-30458: Disallow control chars in http URLs. (GH-12755)
authorGregory P. Smith <greg@krypto.org>
Wed, 1 May 2019 02:12:21 +0000 (19:12 -0700)
committerGitHub <noreply@github.com>
Wed, 1 May 2019 02:12:21 +0000 (19:12 -0700)
commitc4e671eec20dfcb29b18596a89ef075f826c9f96
treeed97dd046a1467e029caed8416ed6de7182ef53atree | snapshot
parent5f38b8407b071acd96da2c8cde411d0e26967735commit | diff
bpo-30458: Disallow control chars in http URLs. (GH-12755)

Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
Lib/http/client.py diff | blob | history
Lib/test/test_urllib.py diff | blob | history
Lib/test/test_xmlrpc.py diff | blob | history
Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-36276.51E-DA.rst [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.