mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-19 16:20:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

[Patch #1574068 by Scott Dial] urllib and urllib2 were using

Browse source 
base64.encodestring() for encoding authentication data.
encodestring() can include newlines for very long input, which
produced broken HTTP headers.

2.4 backport candidate, probably.
This commit is contained in:
Andrew M. Kuchling 2006-10-27 17:13:33 +00:00
parent 7d1d540cc3
commit ff9e7abac8
3 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Lib/urllib.py
View file

@ -302,13 +302,13 @@ class URLopener:
if proxy_passwd: if proxy_passwd:
import base64 import base64
proxy_auth = base64.encodestring(proxy_passwd).strip() proxy_auth = base64.b64encode(proxy_passwd).strip()
else: else:
proxy_auth = None proxy_auth = None
if user_passwd: if user_passwd:
import base64 import base64
auth = base64.encodestring(user_passwd).strip() auth = base64.b64encode(user_passwd).strip()
else: else:
auth = None auth = None
h = httplib.HTTP(host) h = httplib.HTTP(host)
@ -387,12 +387,12 @@ class URLopener:
if not host: raise IOError, ('https error', 'no host given') if not host: raise IOError, ('https error', 'no host given')
if proxy_passwd: if proxy_passwd:
import base64 import base64
proxy_auth = base64.encodestring(proxy_passwd).strip() proxy_auth = base64.b64encode(proxy_passwd).strip()
else: else:
proxy_auth = None proxy_auth = None
if user_passwd: if user_passwd:
import base64 import base64
auth = base64.encodestring(user_passwd).strip() auth = base64.b64encode(user_passwd).strip()
else: else:
auth = None auth = None
h = httplib.HTTPS(host, 0, h = httplib.HTTPS(host, 0,

4
Lib/urllib2.py
View file

@ -674,7 +674,7 @@ class ProxyHandler(BaseHandler):
proxy_type = orig_type proxy_type = orig_type
if user and password: if user and password:
user_pass = '%s:%s' % (unquote(user), unquote(password)) user_pass = '%s:%s' % (unquote(user), unquote(password))
creds = base64.encodestring(user_pass).strip() creds = base64.b64encode(user_pass).strip()
req.add_header('Proxy-authorization', 'Basic ' + creds) req.add_header('Proxy-authorization', 'Basic ' + creds)
hostport = unquote(hostport) hostport = unquote(hostport)
req.set_proxy(hostport, proxy_type) req.set_proxy(hostport, proxy_type)
@ -798,7 +798,7 @@ class AbstractBasicAuthHandler:
user, pw = self.passwd.find_user_password(realm, host) user, pw = self.passwd.find_user_password(realm, host)
if pw is not None: if pw is not None:
raw = "%s:%s" % (user, pw) raw = "%s:%s" % (user, pw)
auth = 'Basic %s' % base64.encodestring(raw).strip() auth = 'Basic %s' % base64.b64encode(raw).strip()
if req.headers.get(self.auth_header, None) == auth: if req.headers.get(self.auth_header, None) == auth:
return None return None
req.add_header(self.auth_header, auth) req.add_header(self.auth_header, auth)

3
Misc/NEWS
View file

@ -110,6 +110,9 @@ Library
- Bug #1576241: fix functools.wraps() to work on built-in functions. - Bug #1576241: fix functools.wraps() to work on built-in functions.
- Patch #1574068: fix urllib/urllib2 to not insert line breaks when
HTTP authentication data was very long.
- Fix a bug in traceback.format_exception_only() that led to an error - Fix a bug in traceback.format_exception_only() that led to an error
being raised when print_exc() was called without an exception set. being raised when print_exc() was called without an exception set.
In version 2.4, this printed "None", restored that behavior. In version 2.4, this printed "None", restored that behavior.