mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-02 03:01:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

merge from 3.2

Browse source
This commit is contained in:
Senthil Kumaran 2012-01-04 14:47:30 +08:00
commit 239a0429fd
3 changed files with 17 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Lib/test/test_urllib2.py
View file

@ -1076,6 +1076,19 @@ class HandlerTests(unittest.TestCase):
MockHeaders({"location": valid_url})) MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url) self.assertEqual(o.req.get_full_url(), valid_url)
def test_relative_redirect(self):
from_url = "http://example.com/a.html"
relative_url = "/b.html"
h = urllib.request.HTTPRedirectHandler()
o = h.parent = MockOpener()
req = Request(from_url)
req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
valid_url = urllib.parse.urljoin(from_url,relative_url)
h.http_error_302(req, MockFile(), 302, "That's fine",
MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url)
def test_cookie_redirect(self): def test_cookie_redirect(self):
# cookies shouldn't leak into redirected requests # cookies shouldn't leak into redirected requests
from http.cookiejar import CookieJar from http.cookiejar import CookieJar

4
Lib/urllib/request.py
View file

@ -572,7 +572,7 @@ class HTTPRedirectHandler(BaseHandler):
# For security reasons we don't allow redirection to anything other # For security reasons we don't allow redirection to anything other
# than http, https or ftp. # than http, https or ftp.
if urlparts.scheme not in ('http', 'https', 'ftp'): if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError( raise HTTPError(
newurl, code, newurl, code,
"%s - Redirection to url '%s' is not allowed" % (msg, newurl), "%s - Redirection to url '%s' is not allowed" % (msg, newurl),
@ -1963,7 +1963,7 @@ class FancyURLopener(URLopener):
# We are using newer HTTPError with older redirect_internal method # We are using newer HTTPError with older redirect_internal method
# This older method will get deprecated in 3.3 # This older method will get deprecated in 3.3
if urlparts.scheme not in ('http', 'https', 'ftp'): if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError(newurl, errcode, raise HTTPError(newurl, errcode,
errmsg + errmsg +
" Redirection to url '%s' is not allowed." % newurl, " Redirection to url '%s' is not allowed." % newurl,

2
Misc/NEWS
View file

@ -422,6 +422,8 @@ Core and Builtins
Library Library
------- -------
- Issue #13696: Fix the 302 Relative URL Redirection problem.
- Issue #13636: Weak ciphers are now disabled by default in the ssl module - Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for). (except when SSLv2 is explicitly asked for).