[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto report at bugs.python.org
Tue Jan 10 08:01:48 CET 2012


Joonas Kuorilehto <joneskoo at derbian.fi> added the comment:

Michele, in your patch:

+            authorization = ("Authorization: Basic %s\r\n" %
+                             b64encode('a%20b:c%20d'))
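
Review bot: The expected header in `b64encode('a%20b:c%20d')` is computed over the percent-escaped credentials, so the assertion encodes the quoting behaviour the issue reports instead of catching it. Build the expected value from the decoded form, `b64encode('a b:c d')`, so the test fails against the unpatched code and passes once the credentials are unquoted before base64.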

This is wrong. See the original report by me and RFC 2617. The username and password MUST NOT be url encoded before base64. That is the original problem. The point is that this test should fail with urllib before the change and not fail with the fix.

Secondly, I think unquote will fail when given a None. For me, some other unit tests caught this when I had the unquote where the splituser is called. I didn't run your code but are other urllib tests ok for you?

I like your change of having the base64 explicitly there and not as a magic string; it is a good idea.

Senthil, could you provide the better alternative for the class field abuse, please?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13642>
_______________________________________
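
The two points raised in the message above (unquote the credentials before base64, and guard against a missing password), shown as an added example that is not part of the original message or of the patch under review. The function names and the `example.invalid` URLs are constructed for illustration; UTF-8 encoding and treating a missing password as an empty string are assumptions.

```python
import base64
from urllib.parse import unquote, urlsplit


def _basic(user, password):
    # RFC 2617 Basic credentials: base64 of "userid:password".
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def basic_auth_value(url):
    """Return the Authorization header value for the URL's userinfo.

    Returns None when the URL carries no userinfo at all.
    """
    parts = urlsplit(url)
    if parts.username is None:
        return None
    # urlsplit leaves userinfo percent-encoded, so decode it first.
    user = unquote(parts.username)
    # "user@host" yields password None; unquote(None) would raise,
    # so the None case is handled before unquoting.
    password = unquote(parts.password) if parts.password is not None else ""
    return _basic(user, password)


def still_quoted_value(url):
    """The reported behaviour: base64 over the percent-encoded userinfo."""
    parts = urlsplit(url)
    return _basic(parts.username, parts.password)


if __name__ == "__main__":
    url = "http://a%20b:c%20d@example.invalid/"  # constructed sample URL
    print("fixed :", basic_auth_value(url))
    print("quoted:", still_quoted_value(url))
```

A server decoding the second value sees the literal user name `a%20b`, which is why a regression test has to compare against the base64 of the unquoted credentials.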

