More fixes according to SF 549151:

- When redirecting, always use GET.  This is common practice and
  more-or-less sanctioned by the HTTP standard.

- Add a handler for 307 redirection, which becomes an error for POST,
  but a regular redirect for GET and HEAD.

Lib/urllib.py

@@ -577,10 +577,7 @@ class FancyURLopener(URLopener):
         fp.close()
         # In case the server sent a relative URL, join with original:
         newurl = basejoin(self.type + ":" + url, newurl)
-        if data is None:
-            return self.open(newurl)
-        else:
-            return self.open(newurl, data)
+        return self.open(newurl)
 
     def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):
         """Error 301 -- also relocated (permanently)."""
@@ -590,6 +587,13 @@ class FancyURLopener(URLopener):
         """Error 303 -- also relocated (essentially identical to 302)."""
         return self.http_error_302(url, fp, errcode, errmsg, headers, data)
 
+    def http_error_307(self, url, fp, errcode, errmsg, headers, data=None):
+        """Error 307 -- relocated, but turn POST into error."""
+        if data is None:
+            return self.http_error_302(url, fp, errcode, errmsg, headers, data)
+        else:
+            return self.http_error_default(url, fp, errcode, errmsg, headers)
+
     def http_error_401(self, url, fp, errcode, errmsg, headers, data=None):
         """Error 401 -- authentication required.
         See this URL for a description of the basic authentication scheme:

Misc/NEWS

@@ -38,6 +38,11 @@ Extension modules
 Library
 -------
 
+- More fixes to urllib (SF 549151): (a) When redirecting, always use
+  GET.  This is common practice and more-or-less sanctioned by the
+  HTTP standard. (b) Add a handler for 307 redirection, which becomes
+  an error for POST, but a regular redirect for GET and HEAD
+
 - Added optional 'onerror' argument to os.walk(), to control error
   handling.