Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces.

Lib/pydoc.py

@@ -2431,8 +2431,8 @@ def _start_server(urlhandler, port):
     class DocServer(http.server.HTTPServer):
 
         def __init__(self, port, callback):
-            self.host = (sys.platform == 'mac') and '127.0.0.1' or 'localhost'
-            self.address = ('', port)
+            self.host = 'localhost'
+            self.address = (self.host, port)
             self.callback = callback
             self.base.__init__(self, self.address, self.handler)
             self.quit = False

Lib/test/test_pydoc.py

@@ -510,6 +510,8 @@ class PydocServerTest(unittest.TestCase):
             return text
 
         serverthread = pydoc._start_server(my_url_handler, port=0)
+        self.assertIn('localhost', serverthread.docserver.address)
+
         starttime = time.time()
         timeout = 1  #seconds
 

Misc/NEWS

@@ -10,6 +10,9 @@ What's New in Python 3.2.6?
 Library
 -------
 
+- Issue #22421: Fix a regression that caused the pydoc server to be bound to
+  all interfaces instead of only localhost.
+
 - Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
   65536 bytes and send a 414 error code for higher lengths. Patch contributed
   by Devin Cook.