]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0028908)
Fix Issue6631 - Disallow relative file paths in urllib urlopen
authorSenthil Kumaran <senthil@uthcode.com>
Sat, 21 Jan 2012 03:52:48 +0000 (11:52 +0800)
committerSenthil Kumaran <senthil@uthcode.com>
Sat, 21 Jan 2012 03:52:48 +0000 (11:52 +0800)
Lib/test/test_urllib.py patch | blob | blame | history
Lib/test/test_urllib2net.py patch | blob | blame | history
Lib/urllib/request.py patch | blob | blame | history
Misc/NEWS patch | blob | blame | history

diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 5a6dd6541800cbee62d40aa647f18dcc6ebccc40..f6b48cba234df1207c5e2f1b09fc6ceed9662aca 100644 (file)
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -160,6 +160,9 @@ class urlopen_FileTests(unittest.TestCase):
         for line in self.returned_obj:
             self.assertEqual(line, self.text)
 
+    def test_relativelocalfile(self):
+        self.assertRaises(ValueError,urllib.request.urlopen,'./' + self.pathname)
+
 class ProxyTests(unittest.TestCase):
 
     def setUp(self):
diff --git a/Lib/test/test_urllib2net.py b/Lib/test/test_urllib2net.py
index 54f4e0c6ca442a21fa3c7f2053f499aee202cd9c..5fcb4cbca20f94a40a4b04f4a288779934e1d496 100644 (file)
--- a/Lib/test/test_urllib2net.py
+++ b/Lib/test/test_urllib2net.py
@@ -125,6 +125,8 @@ class OtherNetworkTests(unittest.TestCase):
         finally:
             os.remove(TESTFN)
 
+        self.assertRaises(ValueError, urllib.request.urlopen,'./relative_path/to/file')
+
     # XXX Following test depends on machine configurations that are internal
     # to CNRI.  Need to set up a public server with the right authentication
     # configuration for test purposes.
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index cf0657158751a8a131c6f1bd17026c4c3a20ed97..94b713e885576613ae866be933b0dc86f4ca160b 100644 (file)
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -1781,6 +1781,8 @@ class URLopener:
             urlfile = file
             if file[:1] == '/':
                 urlfile = 'file://' + file
+            elif file[:2] == './':
+                raise ValueError("local file url may start with / or file:. Unknown url of type: %s" % url)
             return addinfourl(open(localname, 'rb'), headers, urlfile)
         raise URLError('local file error', 'not on local host')
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 53c258b4ad22911c12f4c9ce495af623f4333f02..74453c9ebfa743ada73f211d3fb8163da6bedf0a 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -103,6 +103,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #6631: Disallow relative file paths in urllib urlopen methods.
+
 - Issue #13722: Avoid silencing ImportErrors when initializing the codecs
   registry.
 
Mirror of https://github.com/python/cpython.git