[issue11662] Redirect vulnerability in urllib/urllib2
report at bugs.python.org
Fri Mar 25 03:42:07 CET 2011
Senthil Kumaran <orsenthil at gmail.com> added the comment:
On Thu, Mar 24, 2011 at 05:32:42PM +0000, Guido van Rossum wrote:
> I still don't think we should raise URLError on the bad redirect; we
> should treat it the same as a missing URI/Location header, and it
> will raise HTTPError.
Agreed. Updated the hg repository by raising HTTPError instead of
Thing to note - HTTPError does not change anything from the
redirection. It would still give the code as 302 with an additional
message saying that Redirection to 'newurl' is not allowed.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list