- Make sure to quote the username and password (SF patch #103236 by

  dogfort).

- Don't drop the data argument when calling open_https() from the
  authentication error handler.

diff --git a/Lib/urllib.py b/Lib/urllib.py
index e79acf02d98806a08cb6e49997fd35e93f0b1b5a..cd22766670e2e744f8abb65fc0f04d71d0e40998 100644 (file)
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -563,7 +563,7 @@ class FancyURLopener(URLopener):
         host = host[i:]
         user, passwd = self.get_user_passwd(host, realm, i)
         if not (user or passwd): return None
-        host = user + ':' + passwd + '@' + host
+        host = quote(user, safe='') + ':' + quote(passwd, safe='') + '@' + host
         newurl = 'http://' + host + selector
         if data is None:
             return self.open(newurl)
@@ -576,9 +576,9 @@ class FancyURLopener(URLopener):
         host = host[i:]
         user, passwd = self.get_user_passwd(host, realm, i)
         if not (user or passwd): return None
-        host = user + ':' + passwd + '@' + host
+        host = quote(user, safe='') + ':' + quote(passwd, safe='') + '@' + host
         newurl = '//' + host + selector
-        return self.open_https(newurl)
+        return self.open_https(newurl, data)
 
     def get_user_passwd(self, host, realm, clear_cache = 0):
         key = realm + '@' + host.lower()