]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 632a812) | patch
bpo-46756: Fix authorization check in urllib.request (GH-31353)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 25 Feb 2022 11:57:30 +0000 (03:57 -0800)
committerGitHub <noreply@github.com>
Fri, 25 Feb 2022 11:57:30 +0000 (03:57 -0800)
commit2b7e04d61274af03426975fe824ed83eca35b035
tree8497c04c372d92b643d77ea0158f3c3eb65abd47tree | snapshot
parent632a8121d4d577541c3fddffc986bcb8d8d545b6commit | diff
bpo-46756: Fix authorization check in urllib.request (GH-31353)

Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI "example.org/foobar"
was allowed if the user was authorized for URI "example.org/foo".
(cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/test/test_urllib2.py diff | blob | blame | history
Lib/urllib/request.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2022-02-15-11-57-53.bpo-46756.AigSPi.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git