]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15d7594) | patch
bpo-46756: Fix authorization check in urllib.request (GH-31353) (GH-31573)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Fri, 25 Feb 2022 17:49:43 +0000 (09:49 -0800)
committerGitHub <noreply@github.com>
Fri, 25 Feb 2022 17:49:43 +0000 (12:49 -0500)
commit31fef7edf951fb759004c58ae64df18bc32ea376
tree3e85320cbbee6a8cf274f9a18ef98862ab27195ftree | snapshot
parent15d7594d9974cfef10e65cbb01161168c42abe9dcommit | diff
bpo-46756: Fix authorization check in urllib.request (GH-31353) (GH-31573)

Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI "example.org/foobar"
was allowed if the user was authorized for URI "example.org/foo".
(cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/test/test_urllib2.py diff | blob | blame | history
Lib/urllib/request.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2022-02-15-11-57-53.bpo-46756.AigSPi.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git