Issue13696 - Fix 302 Redirection for Relative urls.

This commit is contained in:
Senthil Kumaran 2012-01-04 13:46:59 +08:00
parent b7ffed8a50
commit 6497aa3e00
3 changed files with 17 additions and 2 deletions

View File

@ -1059,6 +1059,19 @@ class HandlerTests(unittest.TestCase):
MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url)
def test_relative_redirect(self):
from_url = "http://example.com/a.html"
relative_url = "/b.html"
h = urllib.request.HTTPRedirectHandler()
o = h.parent = MockOpener()
req = Request(from_url)
req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
valid_url = urllib.parse.urljoin(from_url,relative_url)
h.http_error_302(req, MockFile(), 302, "That's fine",
MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url)
def test_cookie_redirect(self):
# cookies shouldn't leak into redirected requests
from http.cookiejar import CookieJar

View File

@ -552,7 +552,7 @@ class HTTPRedirectHandler(BaseHandler):
# For security reasons we don't allow redirection to anything other
# than http, https or ftp.
if urlparts.scheme not in ('http', 'https', 'ftp'):
if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError(
newurl, code,
"%s - Redirection to url '%s' is not allowed" % (msg, newurl),
@ -1935,7 +1935,7 @@ class FancyURLopener(URLopener):
# We are using newer HTTPError with older redirect_internal method
# This older method will get deprecated in 3.3
if urlparts.scheme not in ('http', 'https', 'ftp'):
if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError(newurl, errcode,
errmsg +
" Redirection to url '%s' is not allowed." % newurl,

View File

@ -97,6 +97,8 @@ Core and Builtins
Library
-------
- Issue #13696: Fix the 302 Relative URL Redirection problem.
- Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for).