Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Issue13696 - Fix 302 Redirection for Relative urls.

This commit is contained in:
Senthil Kumaran 2012-01-04 13:46:59 +08:00
parent b7ffed8a50
commit 6497aa3e00
3 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Lib/test/test_urllib2.py
View File

@ -1059,6 +1059,19 @@ class HandlerTests(unittest.TestCase):
MockHeaders({"location": valid_url})) MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url) self.assertEqual(o.req.get_full_url(), valid_url)
def test_relative_redirect(self):
from_url = "http://example.com/a.html"
relative_url = "/b.html"
h = urllib.request.HTTPRedirectHandler()
o = h.parent = MockOpener()
req = Request(from_url)
req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
valid_url = urllib.parse.urljoin(from_url,relative_url)
h.http_error_302(req, MockFile(), 302, "That's fine",
MockHeaders({"location": valid_url}))
self.assertEqual(o.req.get_full_url(), valid_url)
def test_cookie_redirect(self): def test_cookie_redirect(self):
# cookies shouldn't leak into redirected requests # cookies shouldn't leak into redirected requests
from http.cookiejar import CookieJar from http.cookiejar import CookieJar

4
Lib/urllib/request.py
View File

@ -552,7 +552,7 @@ class HTTPRedirectHandler(BaseHandler):
# For security reasons we don't allow redirection to anything other # For security reasons we don't allow redirection to anything other
# than http, https or ftp. # than http, https or ftp.
if urlparts.scheme not in ('http', 'https', 'ftp'): if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError( raise HTTPError(
newurl, code, newurl, code,
"%s - Redirection to url '%s' is not allowed" % (msg, newurl), "%s - Redirection to url '%s' is not allowed" % (msg, newurl),
@ -1935,7 +1935,7 @@ class FancyURLopener(URLopener):
# We are using newer HTTPError with older redirect_internal method # We are using newer HTTPError with older redirect_internal method
# This older method will get deprecated in 3.3 # This older method will get deprecated in 3.3
if urlparts.scheme not in ('http', 'https', 'ftp'): if urlparts.scheme not in ('http', 'https', 'ftp', ''):
raise HTTPError(newurl, errcode, raise HTTPError(newurl, errcode,
errmsg + errmsg +
" Redirection to url '%s' is not allowed." % newurl, " Redirection to url '%s' is not allowed." % newurl,

2
Misc/NEWS
View File

@ -97,6 +97,8 @@ Core and Builtins
Library Library
------- -------
- Issue #13696: Fix the 302 Relative URL Redirection problem.
- Issue #13636: Weak ciphers are now disabled by default in the ssl module - Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for). (except when SSLv2 is explicitly asked for).