[issue11662] Redirect vulnerability in urllib/urllib2

Antoine Pitrou report at bugs.python.org
Thu Mar 24 18:08:38 CET 2011


Antoine Pitrou <pitrou at free.fr> added the comment:

> > Senthil's patch allows a redirect to ftp while Guido's doesn't.
> 
> That is a good question. Should we? It doesn't look like ftp:
> participates in the vulnerability, but I'm not sure how useful it is
> either.

I would say accept it anyway. That way we minimize potential for
compatibility breakage.
(do we support "ftps" as well? I don't think so)

> > Senthil's patch doesn't seem to fix urllib-inherited code, only
> > urllib2- (see FancyURLopener.redirect_internal()).
> 
> Right, that's for Python 3.

FancyURLopener is still present in Python 3 (even though we would like
to deprecate it in 3.3).

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11662>
_______________________________________
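
The redirect scheme check discussed in this message, as an added example that is not part of the original message or of either patch. The allow-list (http and https assumed, ftp accepted as the message argues, "ftps" left out), the names `resolve_redirect`, `check_chain` and `SchemeCheckingRedirectHandler`, and all URLs are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumption: http and https are the expected redirect targets; ftp is kept
# for compatibility, as the message argues. "ftps" is not in the list.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https", "ftp"})


def resolve_redirect(current_url, location):
    """Resolve a Location value against the current URL and check its scheme.

    Returns the absolute target, or raises ValueError when the scheme is
    outside the allow-list. Relative values inherit the current scheme.
    """
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise ValueError("redirect to scheme %r is not allowed" % scheme)
    return target


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Hypothetical handler: refuse the redirect before a new Request is built."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            resolve_redirect(req.full_url, newurl)
        except ValueError as exc:
            raise urllib.error.HTTPError(newurl, code, str(exc), headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def check_chain(start_url, locations):
    """Walk a list of Location values; return the final URL or raise ValueError."""
    url = start_url
    for location in locations:
        url = resolve_redirect(url, location)
    return url


if __name__ == "__main__":
    # Constructed sample chain, no network access needed.
    print(check_chain("http://example.test/a/b",
                      ["/next", "ftp://mirror.example.test/pub/file.txt"]))
```

The handler can be passed to `urllib.request.build_opener()` in place of the default redirect handler.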

