[Python-bugs-list] [Bug #128764] urllib.splithost() chokes on password containing '/'
noreply@sourceforge.net
Sun, 14 Jan 2001 14:56:44 -0800
Bug #128764, was updated on 2001-Jan-14 14:03
Here is a current snapshot of the bug.
Project: Python
Category: Python Library
Status: Closed
Resolution: None
Bug Group: None
Priority: 5
Submitted by: dougfort
Assigned to: nobody
Summary: urllib.splithost() chokes on password containing '/'
Details: urllib.splithost() uses a regular expression to split url
hostnames of the form 'http://userid:password@host...'
The regex stops at the first '/'. If the password contains a '/' the
results are invalid.
I'm submitting this as a bug, rather than a diff, because I'm afraid to
mess with the regex. If I come up with something, I'll send in a diff.
Follow-Ups:
Date: 2001-Jan-14 14:56
By: gvanrossum
Comment:
This is not a bug -- if you allow arbitrary characters in the password, the
URL could become totally ambiguous. E.g. what if the password started with
"80/"? How can a browser know what is meant if the URL is
"http://user:80/garbage@host" ???
According to RFC 1738: ``Within the user and password field, any ":", "@",
or "/" must be encoded.''
The splituser() function correctly calls unquote() to remove the %xx
encoding from the username and password.
-------------------------------------------------------
For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=128764&group_id=5470
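
The encoding rule quoted in the follow-up, as an added example that is not part of the original bug report or of Python's own code. It uses Python 3's urllib.parse rather than the urllib.splithost() of the report; build_url and parse_credentials are hypothetical helper names, and the host names and passwords are constructed sample values.

```python
from urllib.parse import quote, unquote, urlsplit


def build_url(scheme, user, password, host, path="/"):
    """Build a URL, percent-encoding user and password as RFC 1738 requires."""
    # safe="" matters: by default quote() leaves "/" unencoded, which is
    # exactly the character that ends the host part of the URL.
    userinfo = quote(user, safe="") + ":" + quote(password, safe="")
    return f"{scheme}://{userinfo}@{host}{path}"


def parse_credentials(url):
    """Return (user, password, host, path) with %xx decoded in user/password."""
    parts = urlsplit(url)
    # urlsplit() returns the userinfo fields still percent-encoded;
    # decode them only after the URL has been split.
    user = unquote(parts.username) if parts.username is not None else None
    password = unquote(parts.password) if parts.password is not None else None
    return user, password, parts.hostname, parts.path


if __name__ == "__main__":
    # The ambiguous URL from the follow-up: the raw "/" ends the host part,
    # so "user" is taken as the host and the rest becomes the path.
    print(parse_credentials("http://user:80/garbage@host"))

    # Constructed sample passwords containing the reserved characters.
    for pw in ("80/garbage", "p@ss:w/rd"):
        url = build_url("http", "user", pw, "host.example")
        print(url, "->", parse_credentials(url))
```

Any credential that is placed into a URL string should go through this kind of encoding step first, so that the parser on the other end sees the intended host.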