Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

SF patch #497420 (Eduardo Pérez): ftplib: ftp anonymous password 

Instead of sending the real user and host, use "anonymous@" (i.e. no
host name at all!) as the default anonymous FTP password.  This avoids
privacy violations.
This commit is contained in:
Guido van Rossum 2001-12-28 20:54:28 +00:00
parent 5560269675
commit c33e077838
3 changed files with 11 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Doc/lib/libftplib.tex
View File

@ -20,7 +20,7 @@ Here's a sample session using the \module{ftplib} module:
\begin{verbatim} \begin{verbatim}
>>> from ftplib import FTP >>> from ftplib import FTP
>>> ftp = FTP('ftp.cwi.nl') # connect to host, default port >>> ftp = FTP('ftp.cwi.nl') # connect to host, default port
>>> ftp.login() # user anonymous, passwd user@hostname >>> ftp.login() # user anonymous, passwd anonymous@
>>> ftp.retrlines('LIST') # list directory contents >>> ftp.retrlines('LIST') # list directory contents
total 24418 total 24418
drwxrwsr-x 5 ftp-usr pdmaint 1536 Mar 20 09:48 . drwxrwsr-x 5 ftp-usr pdmaint 1536 Mar 20 09:48 .
@ -121,10 +121,7 @@ Log in as the given \var{user}. The \var{passwd} and \var{acct}
parameters are optional and default to the empty string. If no parameters are optional and default to the empty string. If no
\var{user} is specified, it defaults to \code{'anonymous'}. If \var{user} is specified, it defaults to \code{'anonymous'}. If
\var{user} is \code{'anonymous'}, the default \var{passwd} is \var{user} is \code{'anonymous'}, the default \var{passwd} is
\samp{\var{realuser}@\var{host}} where \var{realuser} is the real user \code{'anonymous@'}. This function should be called only
name (glanced from the \envvar{LOGNAME} or \envvar{USER} environment
variable) and \var{host} is the hostname as returned by
\function{socket.gethostname()}. This function should be called only
once for each instance, after a connection has been established; it once for each instance, after a connection has been established; it
should not be called at all if a host and user were given when the should not be called at all if a host and user were given when the
instance was created. Most FTP commands are only allowed after the instance was created. Most FTP commands are only allowed after the

21
Lib/ftplib.py
View File

@ -351,19 +351,14 @@ class FTP:
if not passwd: passwd = '' if not passwd: passwd = ''
if not acct: acct = '' if not acct: acct = ''
if user == 'anonymous' and passwd in ('', '-'): if user == 'anonymous' and passwd in ('', '-'):
# get fully qualified domain name of local host # If there is no anonymous ftp password specified
thishost = socket.getfqdn() # then we'll just use anonymous@
try: # We don't send any other thing because:
if os.environ.has_key('LOGNAME'): # - We want to remain anonymous
realuser = os.environ['LOGNAME'] # - We want to stop SPAM
elif os.environ.has_key('USER'): # - We don't want to let ftp sites to discriminate by the user,
realuser = os.environ['USER'] # host or country.
else: passwd = passwd + 'anonymous@'
realuser = 'anonymous'
except AttributeError:
# Not all systems have os.environ....
realuser = 'anonymous'
passwd = passwd + realuser + '@' + thishost
resp = self.sendcmd('USER ' + user) resp = self.sendcmd('USER ' + user)
if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd) if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd)
if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct) if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct)

1
Misc/ACKS
View File

@ -330,6 +330,7 @@ Randy Pausch
Marcel van der Peijl Marcel van der Peijl
Samuele Pedroni Samuele Pedroni
Steven Pemberton Steven Pemberton
Eduardo Pérez
Tim Peters Tim Peters
Chris Petrilli Chris Petrilli
Geoff Philbrick Geoff Philbrick