[3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command...
authorDong-hee Na <donghee.na92@gmail.com>
Wed, 26 Jul 2017 04:58:22 +0000 (13:58 +0900)
committerNed Deily <nad@python.org>
Wed, 26 Jul 2017 04:58:22 +0000 (00:58 -0400)
Lib/ftplib.py
Lib/test/test_ftplib.py
Misc/NEWS

index 5e75e6d4227affec98b7e8f205ef352e0c19d727..ca7225f1d9408b798d23ef062c3e897b15059316 100644 (file)
@@ -185,6 +185,8 @@ class FTP:
 
     # Internal: send one line to the server, appending CRLF
     def putline(self, line):
+        if '\r' in line or '\n' in line:
+            raise ValueError('an illegal newline character should not be contained')
         line = line + CRLF
         if self.debugging > 1: print('*put*', self.sanitize(line))
         self.sock.sendall(line.encode(self.encoding))
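Review bot: The guard added at the top of putline() has no comment explaining why CR and LF are rejected, and its message ('an illegal newline character should not be contained') does not tell the caller what was wrong. putline is the internal send path (the test reaches it through sendcmd), so an embedded line break in an argument would end the intended command and put a second one on the control connection; a comment such as `# Reject CR/LF so an argument cannot inject an extra command on the control connection` would record that. A more direct message would be `raise ValueError('FTP command must not contain CR or LF')`. The exception tuple exercised by test_all_errors in this same commit does not list ValueError, so code that catches only `ftplib.all_errors` will presumably let this propagate, which is worth documenting next to the check. Whether putline's body ends at the sendall line cannot be seen from the hunk.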
index 6c95c491ffdf4e2aa19a33b9f72c56c925955451..c5e6736f8ba1197e9940cf1262edf01dcd95c349 100644 (file)
@@ -480,6 +480,9 @@ class TestFTPClass(TestCase):
         self.assertEqual(self.client.sanitize('PASS 12345'), repr('PASS *****'))
 
     def test_exceptions(self):
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r0')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 400')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 499')
         self.assertRaises(ftplib.error_perm, self.client.sendcmd, 'echo 500')
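Review bot: The three new assertions only show that sendcmd raises ValueError; they do not show that nothing was written to the socket, nor that methods which build a command from a caller argument are covered. Because the check sits in putline, one assertion through such a method would pin that, for example `self.assertRaises(ValueError, self.client.mkd, 'dir\r\nname')` (constructed sample value). Following the rejected calls with `self.assertEqual(self.client.sendcmd('echo 200'), '200')` would confirm the control connection is still in sync, assuming the dummy server's echo command replies with its argument as the other lines here suggest. test_exceptions continues past the end of the hunk.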
@@ -488,7 +491,8 @@ class TestFTPClass(TestCase):
 
     def test_all_errors(self):
         exceptions = (ftplib.error_reply, ftplib.error_temp, ftplib.error_perm,
-                      ftplib.error_proto, ftplib.Error, IOError, EOFError)
+                      ftplib.error_proto, ftplib.Error, OSError,
+                      EOFError)
         for x in exceptions:
             try:
                 raise x('exception not included in all_errors set')
index 68a332302b18d17f7f0a4b57284ce258bfb09a31..2b4d4e798980d0da0c9bc09224150e7440b8f887 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -39,6 +39,9 @@ Core and Builtins
 Library
 -------
 
+- bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that contains
+  CR or LF. Patch by Dong-hee Na
+
 - [Security] bpo-30730: Prevent environment variables injection in subprocess on
   Windows.  Prevent passing other invalid environment variables and command arguments.