[issue13642] urllib incorrectly quotes username and password in https basic auth
Joonas Kuorilehto
report at bugs.python.org
Fri Jan 6 03:27:30 CET 2012
Joonas Kuorilehto <oh8gdv at gmail.com> added the comment:
> Regarding unittests instead, there is already a method called
> test_userpass_inurl which could be extended with some tests on a
> password containing spaces ( Lib/test/test_urllib.py:263). But what
> I haven't yet understood is: does it really exists a user:pass in
> python.org?
Note Lib/test/test_urllib.py:261 ; there is a fake HTTP wrapper in the test. So the request is not really sent.
I modified FakeHTTPConnection to store the sent HTTP request. I also copied the test you mentioned from python3 to 2.7. The second test I add in the patch fails. The test should pass with python2.5 from OS X (did not run the test but checked headers against netcat).
Please take a look at the tests I added. I'm not sure if geturl() should return the quoted version or not. But certainly the quoted version must not be used in the base64. If you think geturl() should return the quoted version, I'm fine with that - in principle characters like \n in the password could be bad in an URL unless quoted.
Maybe the tests could ALSO be added to some other places, but I think this full path makes sense to check like this.
----------
keywords: +patch
Added file: http://bugs.python.org/file24147/tests-and-fakehttp-request-storing.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13642>
_______________________________________
More information about the Python-bugs-list
mailing list