[Python-bugs-list] [ python-Bugs-649967 ] urllib.urlopen('file:/...') uses FTP
noreply@sourceforge.net
noreply@sourceforge.net
Sat, 07 Dec 2002 01:07:16 -0800
Bugs item #649967, was opened at 2002-12-07 02:07
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=649967&group_id=5470
Category: Python Library
Group: Python 2.2.1
Status: Open
Resolution: None
Priority: 5
Submitted By: Mike Brown (mike_j_brown)
Assigned to: Nobody/Anonymous (nobody)
Summary: urllib.urlopen('file:/...') uses FTP
Initial Comment:
urllib.urlopen(), when given a 'file' URL containing a host
part, like 'file://somehost/path/to/file', treats it as if it
were an 'ftp' URL.
While RFC 1738 acknowledges that the access method
for file URLs is unspecified, the assumption of FTP, even
when a direct access method is available, is a poor
design decision and is a possible security risk in
applications that use urlopen().
When given a file URL, urlopen() should extract the
portion following 'file:', convert a leading '//localhost/'
to '///' (because localhost is a special case per RFC
1738; see other bug report on this topic), and use
url2pathname() to try to convert this to an OS-specific
path. The result can then be passed to open().
For example, on Windows, urlopen
('file://somehost/path/to/file') should return the result of
open('\somehost\path\to\file', 'rb').
In situations where there is no convention for interpreting
the host part of a URL as a component in an OS path,
such as on Unix filesystems, an exception should be
raised by url2pathname(), in my opinion. If urlopen()
wants to try an alternate access method such as FTP, it
should only do so if directed by the caller.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=649967&group_id=5470