From: Senthil Kumaran <senthil@uthcode.com>
Date: Sat, 21 Jan 2012 03:52:48 +0000 (+0800)
Subject: Fix  Issue6631 - Disallow relative file paths in urllib urlopen
X-Git-Tag: v3.2.3rc1~146
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3800ea9f652817e510a0db27bf124d2b80e7be10;p=thirdparty%2FPython%2Fcpython.git

Fix  Issue6631 - Disallow relative file paths in urllib urlopen
---

diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 5a6dd6541800..f6b48cba234d 100644
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -160,6 +160,9 @@ class urlopen_FileTests(unittest.TestCase):
         for line in self.returned_obj:
             self.assertEqual(line, self.text)
 
+    def test_relativelocalfile(self):
+        self.assertRaises(ValueError,urllib.request.urlopen,'./' + self.pathname)
+
 class ProxyTests(unittest.TestCase):
 
     def setUp(self):
diff --git a/Lib/test/test_urllib2net.py b/Lib/test/test_urllib2net.py
index 54f4e0c6ca44..5fcb4cbca20f 100644
--- a/Lib/test/test_urllib2net.py
+++ b/Lib/test/test_urllib2net.py
@@ -125,6 +125,8 @@ class OtherNetworkTests(unittest.TestCase):
         finally:
             os.remove(TESTFN)
 
+        self.assertRaises(ValueError, urllib.request.urlopen,'./relative_path/to/file')
+
     # XXX Following test depends on machine configurations that are internal
     # to CNRI.  Need to set up a public server with the right authentication
     # configuration for test purposes.
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index cf0657158751..94b713e88557 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -1781,6 +1781,8 @@ class URLopener:
             urlfile = file
             if file[:1] == '/':
                 urlfile = 'file://' + file
+            elif file[:2] == './':
+                raise ValueError("local file url may start with / or file:. Unknown url of type: %s" % url)
             return addinfourl(open(localname, 'rb'), headers, urlfile)
         raise URLError('local file error', 'not on local host')
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 53c258b4ad22..74453c9ebfa7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -103,6 +103,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #6631: Disallow relative file paths in urllib urlopen methods.
+
 - Issue #13722: Avoid silencing ImportErrors when initializing the codecs
   registry.