436fe5a447
[merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110)
...
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:34:34 -07:00
4cbb23f8f2
Prevent HTTPoxy attack (CVE-2016-1000110)
...
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:24:16 -07:00
29f256909f
Issue #22797 : Synchronize urlopen() doc string with RST documentation
2016-06-04 05:06:34 +00:00
0f29ad1be5
More typo fixes for 3.6
2016-06-04 05:06:25 +00:00
d2367c651e
Clean up urlopen doc string.
...
Clarifies what is returned when and that the methods are common between the two.
Patch by Alexander Liu as part of #22797 .
2016-06-03 20:16:06 -04:00
0b39a556e8
Issue #14132 , Issue #17214 : Merge two redirect handling fixes from 3.5
2016-05-16 07:45:28 +00:00
e6f060903c
Issue #17214 : Percent-encode non-ASCII bytes in redirect targets
...
Some servers send Location header fields with non-ASCII bytes, but "http.
client" requires the request target to be ASCII-encodable, otherwise a
UnicodeEncodeError is raised. Based on patch by Christian Heimes.
Python 2 does not suffer any problem because it allows non-ASCII bytes in the
HTTP request target.
2016-05-16 01:14:20 +00:00
ce6e06874b
Issue #14132 : Fix redirect handling when target is just a query string
2016-05-16 01:07:13 +00:00
5d1110a952
merge from 3.5
...
Issue #26892 : Honor debuglevel flag in urllib.request.HTTPHandler.
Patch contributed by Chi Hsuan Yen.
2016-05-13 01:35:29 -07:00
9642eedc0a
Issue #26892 : Honor debuglevel flag in urllib.request.HTTPHandler.
...
Patch contributed by Chi Hsuan Yen.
2016-05-13 01:32:42 -07:00
51b697b7f3
Issue #26864 : Merge no_proxy fixes from 3.5
2016-04-30 01:30:57 +00:00
aa27982ffc
Issue #26864 : Fix case insensitivity and suffix comparison with no_proxy
...
Patch by Xiang Zhang.
2016-04-30 01:03:40 +00:00
0996fa3bd8
merge 3.5
...
Issue #26804 : urllib.request will prefer lower_case proxy environment variables
over UPPER_CASE or Mixed_Case ones.
Patch contributed by Hans-Peter Jansen. Reviewed by Martin Panter and Senthil Kumaran.
2016-04-25 08:18:07 -07:00
a7c0ff2f0b
Issue #26804 : urllib.request will prefer lower_case proxy environment variables
...
over UPPER_CASE or Mixed_Case ones.
Patch contributed by Hans-Peter Jansen. Reviewed by Martin Panter and Senthil Kumaran.
2016-04-25 08:16:23 -07:00
48238c7e37
Issue #2202 : Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls
...
Raise ValueError if algorithm is not MD5 or SHA.
Initial patch by Mathieu Dupuy.
2016-03-06 16:17:47 +02:00
e88dd1c32c
Issue #2202 : Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls
...
Raise ValueError if algorithm is not MD5 or SHA.
Initial patch by Mathieu Dupuy.
2016-03-06 16:16:40 +02:00
885bdc4946
Issue #25985 : sys.version_info is now used instead of sys.version
...
to format short Python version.
2016-02-11 13:10:36 +02:00
a3643c280f
Issue #12923 : Merge FancyURLopener fix from 3.5
2016-02-06 01:08:40 +00:00
a03702252f
Issue #12923 : Reset FancyURLopener's redirect counter even on exception
...
Based on patches by Brian Brazil and Daniel Rocco.
2016-02-04 06:01:35 +00:00
3fd4a735d8
Issue #25899 : Converted non-ASCII characters in docstrings and manpage
...
to ASCII replacements. Removed UTF-8 BOM from Misc/NEWS.
Original patch by Chris Angelico.
2015-12-18 13:10:37 +02:00
f65dd1d4db
Issue #25576 : Apply fix to new urlopen() doc string
2015-11-24 23:00:37 +00:00
507343a2ef
Add missing docstring
2015-08-18 00:35:52 -07:00
1f9a29f31b
Issue #24021 : docstring for urllib.urlcleanup.
...
Patch from Daniel Andrade Groppe and Peter Lovett
2015-08-04 12:52:43 +12:00
2fee5c9367
Issue #24021 : docstring for urllib.urlcleanup.
...
Patch from Daniel Andrade Groppe and Peter Lovett
2015-08-04 12:52:06 +12:00
4c7f995e80
#7159 : generalize urllib prior auth support.
...
This fix is a superset of the functionality introduced by the issue #19494
enhancement, and supersedes that fix. Instead of a new handler, we have a new
password manager that tracks whether we should send the auth for a given uri.
This allows us to say "always send", satisfying #19494 , or track that we've
succeeded in auth and send the creds right away on every *subsequent* request.
The support for using the password manager is added to AbstractBasicAuth,
which means the proxy handler also now can handle prior auth if passed
the new password manager.
Patch by Akshit Khurana, docs mostly by me.
2015-04-16 16:36:18 -04:00
a9dd680d23
(Merge 3.4) Issue #23881 : urllib.request.ftpwrapper constructor now closes the
...
socket if the FTP connection failed to fix a ResourceWarning.
2015-04-07 12:50:24 +02:00
ab73e65032
Issue #23881 : urllib.request.ftpwrapper constructor now closes the socket if
...
the FTP connection failed to fix a ResourceWarning.
2015-04-07 12:49:27 +02:00
b666697fa8
use context's check_hostname attribute rather than the HTTPSHandler check_hostname parameter
2014-12-07 13:46:02 -05:00
074b95da48
merge 3.4
2014-12-07 13:47:39 -05:00
c216c48699
Close #19494 : add urrlib.request.HTTPBasicPriorAuthHandler
...
This auth handler adds the Authorization header to the first
HTTP request rather than waiting for a HTTP 401 Unauthorized
response from the server as the default HTTPBasicAuthHandler
does.
This allows working with websites like https://api.github.com which do
not follow the strict interpretation of RFC, but more the dicta in the
end of section 2 of RFC 2617:
> A client MAY preemptively send the corresponding Authorization
> header with requests for resources in that space without receipt
> of another challenge from the server. Similarly, when a client
> sends a request to a proxy, it may reuse a userid and password in
> the Proxy-Authorization header field without receiving another
> challenge from the proxy server. See section 4 for security
> considerations associated with Basic authentication.
Patch by Matej Cepl.
2014-11-12 23:33:50 +10:00
8b7e161ac3
backport context argument of urlopen ( #22366 ) for pep 476
2014-09-19 15:23:30 +08:00
a5c85b3f5f
Issue #22366 : urllib.request.urlopen will accept a context object (SSLContext)
...
as an argument which will then used be for HTTPS connection.
Patch by Alex Gaynor.
2014-09-19 15:23:30 +08:00
f54c350160
Issue #19524 : Fixed resource leak in the HTTP connection when an invalid
...
response is received. Patch by Martin Panter.
2014-09-06 21:41:39 +03:00
783737625d
Fix Issue #8797 : Raise HTTPError on failed Basic Authentication immediately. Initial patch by Sam Bull.
2014-08-20 07:53:58 +05:30
402df0975c
backout changeset 3435c5865cfc due to buildbot failures. Ref #8797
2014-08-16 22:52:37 +05:30
b2e3a939bf
Fix Issue #8797 : Raise HTTPError on failed Basic Authentication immediately. Initial patch by Sam Bull.
2014-08-16 14:17:38 +05:30
bc07ac5180
Fix localhost checking in FileHandler. Raised in #21970 .
2014-07-22 00:15:20 -07:00
3c2dca67ac
in ftp cache pruning, avoid changing the size of a dict while iterating over it ( closes #21463 )
...
Patch by Skyler Leigh Amador.
2014-06-07 15:08:04 -07:00
d8e24f1f71
Convert urllib.request parse_proxy doctests to unittests.
2014-04-14 16:32:20 -04:00
78c8538461
fix typo
2014-04-01 16:27:30 -04:00
5dd3caed2b
simplify check, since now there are only new-style classes
2014-04-01 14:20:56 -04:00
b6fac245b5
Backporing the fix from Issue #12692
2013-12-28 17:36:18 -08:00
67986f9431
Issue #19735 : Implement private function ssl._create_stdlib_context() to
...
create SSLContext objects in Python's stdlib module. It provides a single
configuration point and makes use of SSLContext.load_default_certs().
2013-11-23 22:43:47 +01:00
aae6a1d76f
Issue #18978 : A more elegant technique for resolving the method
2013-09-08 12:54:33 -04:00
7dc4f4bbab
Issue #18978 : Allow Request.method to be defined at the class level.
2013-09-08 12:47:07 -04:00
cd171c8e92
Issue #18200 : Back out usage of ModuleNotFoundError (8d28d44f3a9a)
2013-07-04 17:43:24 -04:00
0a140668fa
Issue #18200 : Update the stdlib (except tests) to use
...
ModuleNotFoundError.
2013-06-13 20:57:26 -04:00
caa00fec19
Fix #17967 - Fix related to regression on Windows.
...
os.path.join(*self.dirs) produces an invalid path on windows.
ftp paths are always forward-slash seperated like this. /pub/dir.
2013-06-02 11:59:47 -07:00
dcdadfe39a
Fix thishost helper funtion in urllib. Returns the ipaddress of localhost when
...
hostname is resolvable by socket.gethostname for local machine. This all fixes
certain freebsd builtbot failures.
2013-06-01 11:12:17 -07:00
4e42ae81f6
Fix #17967 : For ftp urls CWD to target instead of hopping to each directory
...
towards target. This fixes a bug where target is accessible, but parent
directories are restricted.
2013-06-01 08:27:06 -07:00
5ccf2ff3e9
merge from 3.3
...
Fix #17967 - Fix related to regression on Windows.
os.path.join(*self.dirs) produces an invalid path on windows.
ftp paths are always forward-slash seperated like this. /pub/dir.
2013-06-02 12:00:45 -07:00
88249b80d7
merge from 3.3
...
Fix thishost helper funtion in urllib. Returns the ipaddress of localhost when
hostname is resolvable by socket.gethostname for local machine. This all fixes
certain freebsd builtbot failures.
2013-06-01 11:12:52 -07:00
e9ec2e173d
merge from 3.3
...
Fix #17967 : For ftp urls CWD to target instead of hopping to each directory
towards target. This fixes a bug where target is accessible, but parent
directories are restricted.
2013-06-01 08:27:53 -07:00
8307075ce8
Fix #17272 - Make Request.full_url and Request.get_full_url return same result under all circumstances.
...
Document the change of Request.full_url to a property.
2013-05-24 09:14:12 -07:00
fa6bdc6d86
merge 3.3
2013-05-12 19:02:05 -05:00
901a278861
use correct format code for exceptions
2013-05-12 19:01:52 -05:00
5238092592
Issue #17272 : Making the urllib.request's Request.full_url a descriptor. Fixes
...
bugs with assignment to full_url. Patch by Demian Brecht.
2013-04-25 05:45:48 -07:00
4a2ab120f3
Issue #17483 : 3.3 Branch - Remove unreachable code in urllib.request
2013-04-04 19:34:02 -07:00
c616604a15
Merge: Use repr when printing unknown url type in urlopen.
2013-04-03 07:01:07 -04:00
d8a46969f7
Use repr when printing unknown url type in urlopen.
2013-04-03 06:58:34 -04:00
9a8d6934df
Issue #17483 : remove unreachable code in urlopen().
2013-04-01 18:55:35 +02:00
9cc7d45571
#17485 : Delete the Content-Length header if the data attribute is deleted.
...
This is a follow on to issue 16464. Original patch by Daniel Wozniak.
2013-03-20 00:10:51 -04:00
41518b4af0
#17474 - Remove the various deprecated methods of Request class.
2013-03-18 18:06:00 -07:00
f7a17b48d7
Replace IOError with OSError ( #16715 )
2012-12-25 16:47:37 +02:00
2606a6f197
Issue #16719 : Get rid of WindowsError. Use OSError instead
...
Patch by Serhiy Storchaka.
2012-12-19 14:33:35 +02:00
0832af6628
Issue #16717 : get rid of socket.error, replace with OSError
2012-12-18 23:10:48 +02:00
3438fa496d
Get rig of EnvironmentError ( #16705 )
2012-12-17 23:35:18 +02:00
bff98fe536
Issue #16464 : reset Request's Content-Length header on .data change.
...
It will be recalculated on sending request to HTTP server.
Patch by Alexey Kachayev
2012-11-27 23:06:19 +02:00
df204be922
Issue #16423 : urllib.request now has support for ``data:`` URLs.
...
Patch by Mathias Panzenböck.
2012-11-24 17:59:08 +01:00
b696610c2d
Fixes issue #16409 : The reporthook callback made by the legacy
...
urllib.request.urlretrieve API now properly supplies a constant
non-zero block_size as it did in Python 3.2 and 2.7. This matches the
behavior of urllib.request.URLopener.retrieve.
2012-11-10 13:44:50 -08:00
6b0bdab429
Fixes issue #16409 : The reporthook callback made by the legacy
...
urllib.request.urlretrieve API now properly supplies a constant
non-zero block_size as it did in Python 3.2 and 2.7. This matches the
behavior of urllib.request.URLopener.retrieve.
2012-11-10 13:43:44 -08:00
cc2f0421c7
Issue #16250 : Fix URLError invocation with proper args
2012-10-27 02:48:21 -07:00
cad7b31467
Issue #16250 : Fix URLError invocation with proper args.
2012-10-27 02:26:46 -07:00
40d8078f41
Issue #16301 : Fix the localhost verification in urllib/request.py for file://. Modify tests to use localhost for local temp files, which could make Windows Buildbot ( #16300 ) happy
2012-10-22 09:43:04 -07:00
3ebef36eea
Issue #16250 : Fix the invocations of URLError which had misplaced filename attribute for exception
2012-10-21 18:31:25 -07:00
f577686fd3
Issue #10836 : Fix exception raised when file not found in urlretrieve
2012-10-21 13:30:02 -07:00
bd26b5463e
Issue #12692 : Fix resource leak in urllib.request.
2012-10-21 17:37:43 +02:00
2d51f687e1
Fix issue #16270 : urllib may hang when used for retrieving files via FTP by using a context manager.
2012-10-19 13:40:28 +02:00
b0cc91290c
Fix issue #16270 : urllib may hang when used for retrieving files via FTP by using a context manager.
2012-10-19 13:34:32 +02:00
89e92854b6
Fix issue #16270 : urllib may hang when used for retrieving files via FTP by using a context manager.
2012-10-19 13:25:17 +02:00
612a815820
revert the changes done for issue14826 - quoting witin Request is not desirable.
2012-07-08 18:00:47 -07:00
168456df11
revert the changes done for issue14826 - quoting witin Request is not desirable.
2012-07-08 17:47:25 -07:00
25bfb529bd
issue 14826 - Address the buildbot failure quote of url is the required change ( explanation msg164973)
2012-07-08 02:16:08 -07:00
45ce4dc73e
issue 14826 - Address the buildbot failure ( explanation msg164973)
2012-07-08 02:08:48 -07:00
540715a369
Fix issue14826 - make urllib.request.Request quoted url consistent with URLOpener open method.
...
Patch contributed by Stephen Thorne.
2012-07-07 17:15:52 -07:00
b7451cecad
Fix issue14826 - make urllib.request.Request quoted url consistent with URLOpener open method.
...
Patch contributed by Stephen Thorne.
2012-07-07 17:11:44 -07:00
496660c56b
Partial backport of 612f34e31270: fix spacing error in exception message.
2012-06-24 20:01:05 +02:00
fcbdbf22e3
urllib.request: fix spacing errors in exception/warning messages.
2012-06-24 19:56:31 +02:00
de9ac6c2e5
Issue #14780 : urllib.request.urlopen() now has a `cadefault` argument to use the default certificate store.
...
Initial patch by James Oakley.
2012-05-16 21:40:01 +02:00
92a5bf0c0a
Issue12541 - Add UserWarning for unquoted realms
2012-05-16 00:03:29 +08:00
0ea91cb5c6
Issue12541 - Add UserWarning for unquoted realms
2012-05-15 23:59:42 +08:00
b26fe2f313
merge from 3.2 - Issue #12541 : Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2.
2012-05-15 22:39:17 +08:00
34f3fcc269
Issue #12541 : Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2.
...
G: changed Misc/NEWS
2012-05-15 22:30:25 +08:00
e53d977e80
Explain the use of charset parameter with Content-Type header: issue11082
2012-03-15 18:15:34 -07:00
6b3434ae04
Explain the use of charset parameter with Content-Type header. Issue11082
2012-03-15 18:11:16 -07:00
38b968b913
deprecated the old urllib primitives in 3.3 urllib package - issue 10050
2012-03-14 13:43:53 -07:00
e24f96a059
Issue10050 - urlretrieve uses newer urlopen. reporthook of urlretrieve takes, block number, block read size, file_size
2012-03-13 19:29:33 -07:00
3242577a08
merge from 3.2
2012-01-21 11:55:40 +08:00
3800ea9f65
Fix Issue6631 - Disallow relative file paths in urllib urlopen
2012-01-21 11:52:48 +08:00
4479577388
merge from 3.2 - Fix Issue #13642 : Unquote before b64encoding user:password during Basic Authentication.
2012-01-14 19:12:28 +08:00
Senthil Kumaran
Martin Panter
R David Murray
Berker Peksag
Serhiy Storchaka
Raymond Hettinger
Robert Collins
Victor Stinner
Benjamin Peterson
Nick Coghlan
Christian Heimes
Jason R. Coombs
Brett Cannon
Antoine Pitrou
Andrew Svetlov
Gregory P. Smith
Nadeem Vawda
Giampaolo Rodola'
Georg Brandl