[Python-checkins] cpython (3.2): Issue13696 - Fix 302 Redirection for Relative urls.

senthil.kumaran python-checkins at python.org
Wed Jan 4 07:47:44 CET 2012 

http://hg.python.org/cpython/rev/86141d28b20d
changeset:   74265:86141d28b20d
branch:      3.2
parent:      74262:b8f978aa2614
user:        Senthil Kumaran <senthil at uthcode.com>
date:        Wed Jan 04 13:46:59 2012 +0800
summary:
  Issue13696 - Fix 302 Redirection for Relative urls.

files:
  Lib/test/test_urllib2.py |  13 +++++++++++++
  Lib/urllib/request.py    |   4 ++--
  Misc/NEWS                |   2 ++
  3 files changed, 17 insertions(+), 2 deletions(-)


diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@@ -1059,6 +1059,19 @@
                 MockHeaders({"location": valid_url}))
             self.assertEqual(o.req.get_full_url(), valid_url)
 
+    def test_relative_redirect(self):
+        from_url = "http://example.com/a.html"
+        relative_url = "/b.html"
+        h = urllib.request.HTTPRedirectHandler()
+        o = h.parent = MockOpener()
+        req = Request(from_url)
+        req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT
+
+        valid_url = urllib.parse.urljoin(from_url,relative_url)
+        h.http_error_302(req, MockFile(), 302, "That's fine",
+            MockHeaders({"location": valid_url}))
+        self.assertEqual(o.req.get_full_url(), valid_url)
+
     def test_cookie_redirect(self):
         # cookies shouldn't leak into redirected requests
         from http.cookiejar import CookieJar
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -552,7 +552,7 @@
         # For security reasons we don't allow redirection to anything other
         # than http, https or ftp.
 
-        if urlparts.scheme not in ('http', 'https', 'ftp'):
+        if urlparts.scheme not in ('http', 'https', 'ftp', ''):
             raise HTTPError(
                 newurl, code,
                 "%s - Redirection to url '%s' is not allowed" % (msg, newurl),
@@ -1935,7 +1935,7 @@
         # We are using newer HTTPError with older redirect_internal method
         # This older method will get deprecated in 3.3
 
-        if urlparts.scheme not in ('http', 'https', 'ftp'):
+        if urlparts.scheme not in ('http', 'https', 'ftp', ''):
             raise HTTPError(newurl, errcode,
                             errmsg +
                             " Redirection to url '%s' is not allowed." % newurl,
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -97,6 +97,8 @@
 Library
 -------
 
+- Issue #13696: Fix the 302 Relative URL Redirection problem.
+
 - Issue #13636: Weak ciphers are now disabled by default in the ssl module
   (except when SSLv2 is explicitly asked for).
 

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list