Commit Graph

367 Commits

Author SHA1 Message Date
Martin Panter acc03195b0 Issue #26586: Handle excessive header fields in http.server, by Xiang Zhang 2016-04-03 00:45:46 +00:00
Martin Panter ec195fba5b Issue #26499: Merge HTTPResponse fix from 3.5 2016-03-17 07:05:34 +00:00
Martin Panter ce911c3fed Issue #26499: Fixes to HTTPResponse.readline() and read1(), by Silent Ghost 2016-03-17 06:42:48 +00:00
Berker Peksag 04bc5b9e48 Issue #747320: Use email.utils.formatdate() to avoid code duplication
in BaseHTTPRequestHandler

Initial patch by karlcow.
2016-03-14 06:06:03 +02:00
Berker Peksag 0647ef05eb Issue #16181: cookiejar.http2time() now returns None if year is higher than datetime.MAXYEAR 2016-03-14 05:48:28 +02:00
Berker Peksag 20be53e5b5 Issue #16181: cookiejar.http2time() now returns None if year is higher than datetime.MAXYEAR 2016-03-14 05:48:02 +02:00
Jason R. Coombs b118870490 Issue #26302: merge from 3.5 2016-02-24 08:50:59 -05:00
Martin Panter 192697e33b Issue #26045: Merge http.client error addition from 3.5 2016-02-09 11:57:11 +00:00
Martin Panter 44391481d7 Issue #26045: Add UTF-8 suggestion to error in http.client
Based on patch by Guido van Rossum.
2016-02-09 10:20:52 +00:00
Anish Shah 102d813b55 Issue #26302: Correctly identify comma as an invalid character for a cookie (correcting regression in Python 3.5). 2016-02-07 05:36:00 +05:00
Serhiy Storchaka 3fd4a735d8 Issue #25899: Converted non-ASCII characters in docstrings and manpage
to ASCII replacements.  Removed UTF-8 BOM from Misc/NEWS.
Original patch by Chris Angelico.
2015-12-18 13:10:37 +02:00
Martin Panter 22fd1c262a Merge typo and grammar fixes from 3.5 2015-11-14 01:29:13 +00:00
Martin Panter 32acc16cda Merge typo and grammar fixes from 3.4 into 3.5 2015-11-14 01:14:25 +00:00
Martin Panter ac34e09bbf Correct Content-Type syntax in documentation 2015-11-14 00:58:32 +00:00
Serhiy Storchaka 4a7c03aab4 Issue #25523: Merge a-to-an corrections from 3.5. 2015-11-02 14:44:29 +02:00
Serhiy Storchaka a84f6c3dd3 Issue #25523: Merge a-to-an corrections from 3.4. 2015-11-02 14:39:05 +02:00
Serhiy Storchaka d65c9496da Issue #25523: Further a-to-an corrections. 2015-11-02 14:10:23 +02:00
Martin Panter 585a6acfef Merge typo fixes from 3.5 2015-10-07 11:13:55 +00:00
Martin Panter 3f930dcd87 Merge typo fixes from 3.4 into 3.5 2015-10-07 11:01:47 +00:00
Martin Panter 9955a373a8 Various minor typos in documentation and comments 2015-10-07 10:26:23 +00:00
Martin Panter 5e84d037bb Issues #25232, #24657: Merge two CGI server fixes from 3.5 2015-10-03 06:43:19 +00:00
Martin Panter 56b76d25dd Issues #25232, #24657: Merge two CGI server fixes from 3.4 into 3.5 2015-10-03 06:03:25 +00:00
Martin Panter cb29e8c0e5 Issue #24657: Prevent CGIRequestHandler from collapsing the URL query
Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc
string.
2015-10-03 05:55:46 +00:00
Martin Panter a02e18a43f Issue #25232: Fix CGIRequestHandler's splitting of URL query
Patch from Xiang Zhang.
2015-10-03 05:38:07 +00:00
Raymond Hettinger 15b87bfedc Add in missing docstrings. 2015-08-18 22:03:08 -07:00
Robert Collins 5409177b62 Issue #24774: Fix docstring in http.server.test.
Patch from Chiu-Hsiang Hsu.
2015-08-17 12:19:19 +12:00
Robert Collins 9644f2450d Issue #24774: Fix docstring in http.server.test.
Patch from Chiu-Hsiang Hsu.
2015-08-17 12:18:35 +12:00
Robert Collins a0e5d981cd Issue #23888: Handle fractional time in cookie expiry. Patch by ssh. 2015-08-04 10:06:29 +12:00
Robert Collins f3d9c315b6 Issue #23888: Handle fractional time in cookie expiry. Patch by ssh. 2015-08-04 10:07:06 +12:00
Benjamin Peterson 5a69420062 merge 3.4 (#22931) 2015-05-23 10:41:30 -05:00
Benjamin Peterson c4ae86e477 merge 3.3 (#22931) 2015-05-23 10:40:47 -05:00
Benjamin Peterson d504f20e1c merge 3.2 (#22931) 2015-05-23 10:38:48 -05:00
Benjamin Peterson 9bd476ea57 allow square brackets in cookie values (closes #22931) 2015-05-23 10:36:48 -05:00
Serhiy Storchaka 7e7a3dba5f Issue #23865: close() methods in multiple modules now are idempotent and more
robust at shutdown. If needs to release multiple resources, they are released
even if errors are occured.
2015-04-10 13:24:41 +03:00
Serhiy Storchaka 2116b12da5 Issue #23865: close() methods in multiple modules now are idempotent and more
robust at shutdown. If needs to release multiple resources, they are released
even if errors are occured.
2015-04-10 13:29:28 +03:00
R David Murray cae7bdb424 #3566: Clean up handling of remote server disconnects.
This changeset does two things: introduces a new RemoteDisconnected exception
(that subclasses ConnectionResetError and BadStatusLine) so that a remote
server disconnection can be detected by client code (and provides a better
error message for debugging purposes), and ensures that the client socket is
closed if a ConnectionError happens, so that the automatic re-connection code
can work if the application handles the error and continues on.

Tests are added that confirm that a connection is re-used or not re-used
as appropriate to the various combinations of protocol version and headers.

Patch by Martin Panter, reviewed by Demian Brecht.  (Tweaked only slightly by
me.)
2015-04-05 19:26:29 -04:00
Serhiy Storchaka 46ba6c8563 Issue #22831: Use "with" to avoid possible fd leaks. 2015-04-04 11:01:02 +03:00
R David Murray 1813c1701f #2211: properly document the Morsel behavior changes.
Also deprecate the undocumented set argument instead of removing
it already in 3.5.

Initial patch by Demian Brecht.
2015-03-29 17:09:21 -04:00
R David Murray 0a0d20edfb Merge: #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None. 2015-03-22 15:19:01 -04:00
R David Murray beed8402ca #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.
Some http servers will reject PUT, POST, and PATCH requests if they
do not have a Content-Length header.

Patch by James Rutherford, with additional cleaning up of the
'request' documentation by me.
2015-03-22 15:18:23 -04:00
Serhiy Storchaka 6c32585f67 Restored backward compatibility of pickling http.cookies.Morsel. It was
broken after converting instance attributes to properies in issue #2211.
2015-03-18 18:03:40 +02:00
Serhiy Storchaka 9c1a9b2657 Issue #2211: Updated the implementation of the http.cookies.Morsel class.
Setting attributes key, value and coded_value directly now is deprecated.
update() and setdefault() now transform and check keys.  Comparing for
equality now takes into account attributes key, value and coded_value.
copy() now returns a Morsel, not a dict.  repr() now contains all attributes.
Optimized checking keys and quoting values.  Added new tests.
Original patch by Demian Brecht.
2015-03-18 10:59:57 +02:00
Serhiy Storchaka 577fc4e87f Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
Patch by Demian Brecht.
2015-03-13 09:05:01 +02:00
Serhiy Storchaka f7cc3fccad Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.
Patch by Demian Brecht.
2015-03-13 09:09:35 +02:00
Serhiy Storchaka b669bfc2be Issue #22928: Disabled HTTP header injections in http.client.
Original patch by Demian Brecht.
2015-03-12 11:15:15 +02:00
Serhiy Storchaka a112a8ae47 Issue #22928: Disabled HTTP header injections in http.client.
Original patch by Demian Brecht.
2015-03-12 11:13:36 +02:00
Serhiy Storchaka c0a23e6320 Issue #21793: BaseHTTPRequestHandler again logs response code as numeric,
not as stringified enum.  Patch by Demian Brecht.
2015-03-07 11:51:37 +02:00
Berker Peksag abbf0f40bb Issue #23442: Rename two member names to stay backward compatible
with the constants in http.client.

Initial patch by Demian Brecht.
2015-02-20 14:57:31 +02:00
Berker Peksag 8e28679417 Issue #23439: Add missing entries to http.client.__all__.
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).

Patch by Martin Panter.
2015-02-20 09:45:05 +02:00
Berker Peksag babc688180 Issue #23439: Add missing entries to http.client.__all__.
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).

Patch by Martin Panter.
2015-02-20 09:39:38 +02:00
Benjamin Peterson 1130c7f693 merge 3.4 (#23410) 2015-02-17 21:13:30 -05:00
Benjamin Peterson 70e2847347 document the requestline and close_connection attributes, use real booleans, and add tests (closes #23410)
Patch by Martin Panter.
2015-02-17 21:11:10 -05:00
Berker Peksag 6767757589 Issue #23418: Add missing entries to http.server.__all__.
Patch by Martin Panter.
2015-02-13 20:48:41 +02:00
Berker Peksag 366c570d1f Issue #23418: Add missing entries to http.server.__all__.
Patch by Martin Panter.
2015-02-13 20:48:15 +02:00
Berker Peksag ab53ab0a84 Issue #13128: Print response headers for CONNECT requests when debuglevel > 0.
Patch by Demian Brecht.
2015-02-03 12:22:11 +02:00
Benjamin Peterson 9d8a3ad02a http.client: disable Nagle's algorithm (closes #23302)
Patch by Demian Brecht.
2015-01-23 11:02:57 -05:00
Berker Peksag cb18b95ab8 Issue #20898: Add a "HTTP status codes" section to avoid duplication in HTTP docs.
This commit also removes a couple of non-standard status codes. They were
added as part of edf669b13482, so there is no backwards compatibility issue.

Patch by Demian Brecht.
2015-01-20 06:30:46 +02:00
Benjamin Peterson 5b883296f6 merge 3.4 (#22986) 2015-01-16 20:46:37 -05:00
Benjamin Peterson bd341629b0 capitialize "HttpOnly" and "Secure" as they appear in the standard and other impls (closes #23250)
Patch by Jon Dufresne.
2015-01-16 20:43:55 -05:00
Benjamin Peterson 610bc6a211 merge 3.4 (#23221) 2015-01-13 09:20:31 -05:00
Benjamin Peterson 82f34ada45 fix instances of consecutive articles (closes #23221)
Patch by Karan Goel.
2015-01-13 09:17:24 -05:00
Benjamin Peterson fe975a234f merge 3.4 (#23112) 2014-12-26 10:56:51 -06:00
Benjamin Peterson 94cb7a2429 fix behavior of trailing slash redirection when a query string is involved (closes #23112) 2014-12-26 10:53:43 -06:00
Serhiy Storchaka e4db76967d Issue #21793: Added http.HTTPStatus enums (i.e. HTTPStatus.OK,
HTTPStatus.NOT_FOUND).  Patch by Demian Brecht.
2014-12-23 16:28:28 +02:00
Serhiy Storchaka 4ac7ed97a8 Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port
value in the host header was set to "None".  Patch by Demian Brecht.
2014-12-12 09:29:15 +02:00
Benjamin Peterson a090f01bb6 HTTPSConnection: prefer the context's check_hostname attribute over the constructor parameter (#22959) 2014-12-07 13:18:25 -05:00
Serhiy Storchaka b491e0521f Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails.
Original patch by Martin Panter.
2014-12-01 13:07:45 +02:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Serhiy Storchaka d4a001b23c Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port
value in the host header was set to "None".  Patch by Demian Brecht.
2014-12-12 09:30:18 +02:00
Benjamin Peterson b46247bee5 merge 3.4 (#22959) 2014-12-07 13:47:34 -05:00
Serhiy Storchaka 2205da43a6 Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails.
Original patch by Martin Panter.
2014-12-01 13:10:12 +02:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Antoine Pitrou b1e36073cd Issue #22796: HTTP cookie parsing is now stricter, in order to protect against potential injection attacks. 2014-11-21 01:20:57 +01:00
Benjamin Peterson 1cca273669 merge 3.4 (#22417) 2014-11-03 14:36:48 -05:00
Benjamin Peterson 4ffb075271 PEP 476: enable HTTPS certificate verification by default (#22417)
Patch by Alex Gaynor with some modifications by me.
2014-11-03 14:29:33 -05:00
Serhiy Storchaka 2cb0e73a89 Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2
and above.  Patch by Tim Graham.
2014-11-02 22:19:56 +02:00
Serhiy Storchaka 8cf7c1cff0 Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2
and above.  Patch by Tim Graham.
2014-11-02 22:18:25 +02:00
Victor Stinner 55e614a2a8 Issue #11957: Explicit parameter name when calling re.split() and re.sub() 2014-10-29 16:58:59 +01:00
Antoine Pitrou 0d54887326 Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:27:26 +02:00
Antoine Pitrou 637e4544af Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:25:57 +02:00
Antoine Pitrou 7d0b8f95e7 Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Serhiy Storchaka 41a08e557a Issue #22165: SimpleHTTPRequestHandler now supports undecodable file names. 2014-08-17 08:24:49 +03:00
Serhiy Storchaka cb5bc408ad Issue #22165: SimpleHTTPRequestHandler now supports undecodable file names. 2014-08-17 08:22:11 +03:00
Serhiy Storchaka 465e60e654 Issue #22033: Reprs of most Python implemened classes now contain actual
class name instead of hardcoded one.
2014-07-25 23:36:00 +03:00
Serhiy Storchaka fbc877b794 Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value. 2014-07-22 11:10:37 +03:00
Serhiy Storchaka 1392df96ef Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value. 2014-07-22 11:09:36 +03:00
Ned Deily 55966193f2 Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:20:15 -07:00
Ned Deily 5d0d2e6ed6 Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:16:56 -07:00
Ned Deily 217f4cd7ee Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:12:39 -07:00
Ned Deily 915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson ff180af057 merge 3.4 (#21766) 2014-06-14 18:41:31 -07:00
Benjamin Peterson a8c75fe31a merge 3.3 (#21766) 2014-06-14 18:41:13 -07:00
Benjamin Peterson 6cd1954c5c merge 3.2 (#21766) 2014-06-14 18:40:10 -07:00
Benjamin Peterson 73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
Senthil Kumaran 166214c344 merge from 3.4
Issue #7776: Fix ``Host:'' header and reconnection when using  http.client.HTTPConnection.set_tunnel()
Patch by Nikolaus Rath.
2014-04-14 13:10:05 -04:00
Senthil Kumaran 9da047b3a5 Issue #7776: Fix ``Host:'' header and reconnection when using http.client.HTTPConnection.set_tunnel().
Patch by Nikolaus Rath.
2014-04-14 13:07:56 -04:00
Antoine Pitrou dad182c16e Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Victor Stinner 03ce1c013d (Merge 3.4) Issue #20976: pyflakes: Remove unused imports 2014-03-20 09:22:39 +01:00
Victor Stinner 7fa767e517 Issue #20976: pyflakes: Remove unused imports 2014-03-20 09:16:38 +01:00
Kristján Valur Jónsson 8e5d0caf92 Issue #19009
Enhance HTTPResponse.readline() performance
2014-03-19 10:07:26 +00:00