git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Senthil Kumaran <senthil@uthcode.com>
	Mon, 15 Feb 2021 19:16:43 +0000 (11:16 -0800)
committer	GitHub <noreply@github.com>
	Mon, 15 Feb 2021 19:16:43 +0000 (14:16 -0500)
commit	5c17dfc5d70ce88be99bc5769b91ce79d7a90d61
tree	57c06e80ae27e24f0657249d640eb25e19f9f5ac	tree
parent	34df10a9a16b38d54421eeeaf73ec89828563be7	commit \| diff

[3.6] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24532)

bpo-42967: [security] Address a web cache-poisoning issue reported in
urllib.parse.parse_qsl().

urllib.parse will only us "&" as query string separator by default
instead of both ";" and "&" as allowed in earlier versions. An optional
argument seperator with default value "&" is added to specify the
separator.

Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>

Doc/library/cgi.rst		diff \| blob \| blame \| history
Doc/library/urllib.parse.rst		diff \| blob \| blame \| history
Doc/whatsnew/3.6.rst		diff \| blob \| blame \| history
Lib/cgi.py		diff \| blob \| blame \| history
Lib/test/test_cgi.py		diff \| blob \| blame \| history
Lib/test/test_urlparse.py		diff \| blob \| blame \| history
Lib/urllib/parse.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom