[issue11662] Redirect vulnerability in urllib/urllib2

Senthil Kumaran report at bugs.python.org
Thu Mar 24 18:07:08 CET 2011


Senthil Kumaran <orsenthil at gmail.com> added the comment:

Here is a more complete patch with tests. Please review this. Yes, it is against the default branch (3.x codeline). We can backport this behavior to the 2.x codeline.

I have raised a URLError exception when the redirect to invalid_schemes is detected.

Also, ftp redirection should be allowed. It is common to see ISO download mirrors which will redirect themselves to an ftp URL. Also, the security report talks about allowing redirects to http, https and ftp.

Thanks.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11662>
_______________________________________

