git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Miro Hrončok <miro@hroncok.cz>
	Wed, 8 May 2019 16:33:24 +0000 (18:33 +0200)
committer	Ned Deily <nad@python.org>
	Wed, 8 May 2019 16:33:24 +0000 (12:33 -0400)
commit	c50d437e942d4c4c45c8cd76329b05340c02eb31
tree	e7da4e6be490c8da2beb5e6fc26f1f1e9bc3eb4f	tree \| snapshot
parent	e5f9f4adb95233c66578e6f7ea176687af2f78ca	commit \| diff

bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13155)

Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Co-Authored-By: Miro Hrončok <miro@hroncok.cz>

Lib/http/client.py		diff \| blob \| blame \| history
Lib/test/test_urllib.py		diff \| blob \| blame \| history
Lib/test/test_xmlrpc.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst	[new file with mode: 0644]	blob