git.ipfire.org Git - thirdparty/Python/cpython.git/commit

bpo-46756: Fix authorization check in urllib.request (GH-31353) (GH-31572)

Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI "example.org/foobar"
was allowed if the user was authorized for URI "example.org/foo".
(cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Wed, 2 Mar 2022 13:50:32 +0000 (05:50 -0800)
committer	GitHub <noreply@github.com>
	Wed, 2 Mar 2022 13:50:32 +0000 (14:50 +0100)
commit	1c9701a3de0566c085e03dddc14a8508aaae349e
tree	5c193ab56d3e54be17b494088101df6bb99da02e	tree \| snapshot
parent	eb6c840a2414dc057ffcfbb5ad68d6253c8dd57c	commit \| diff

Lib/test/test_urllib2.py		diff \| blob \| blame \| history
Lib/urllib/request.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2022-02-15-11-57-53.bpo-46756.AigSPi.rst	[new file with mode: 0644]	blob