]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b57426) | patch
bpo-42967: only use '&' as a query string separator (#24297)
authorAdam Goldschmidt <adamgold7@gmail.com>
Sun, 14 Feb 2021 22:41:57 +0000 (00:41 +0200)
committerGitHub <noreply@github.com>
Sun, 14 Feb 2021 22:41:57 +0000 (14:41 -0800)
commitfcbe0cb04d35189401c0c880ebfb4311e952d776
tree48ca1701d13be00517881423fcfd99b8a9ae9445tree | snapshot
parent1b57426e3a7842b4e6f9fc13ffb657c78e5443d4commit | diff
bpo-42967: only use '&' as a query string separator (#24297)

bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().

urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator.

Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>
12 files changed:
Doc/library/cgi.rst diff | blob | blame | history
Doc/library/urllib.parse.rst diff | blob | blame | history
Doc/whatsnew/3.10.rst diff | blob | blame | history
Doc/whatsnew/3.6.rst diff | blob | blame | history
Doc/whatsnew/3.7.rst diff | blob | blame | history
Doc/whatsnew/3.8.rst diff | blob | blame | history
Doc/whatsnew/3.9.rst diff | blob | blame | history
Lib/cgi.py diff | blob | blame | history
Lib/test/test_cgi.py diff | blob | blame | history
Lib/test/test_urlparse.py diff | blob | blame | history
Lib/urllib/parse.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git