[Python-checkins] cpython (3.2): Fix Issue6631 - Disallow relative file paths in urllib urlopen

senthil.kumaran python-checkins at python.org
Sat Jan 21 04:55:58 CET 2012 

http://hg.python.org/cpython/rev/514994d7a9f2
changeset:   74548:514994d7a9f2
branch:      3.2
parent:      74542:76077971ee1f
user:        Senthil Kumaran <senthil at uthcode.com>
date:        Sat Jan 21 11:52:48 2012 +0800
summary:
  Fix  Issue6631 - Disallow relative file paths in urllib urlopen

files:
  Lib/test/test_urllib.py     |  3 +++
  Lib/test/test_urllib2net.py |  2 ++
  Lib/urllib/request.py       |  2 ++
  Misc/NEWS                   |  2 ++
  4 files changed, 9 insertions(+), 0 deletions(-)


diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -160,6 +160,9 @@
         for line in self.returned_obj:
             self.assertEqual(line, self.text)
 
+    def test_relativelocalfile(self):
+        self.assertRaises(ValueError,urllib.request.urlopen,'./' + self.pathname)
+
 class ProxyTests(unittest.TestCase):
 
     def setUp(self):
diff --git a/Lib/test/test_urllib2net.py b/Lib/test/test_urllib2net.py
--- a/Lib/test/test_urllib2net.py
+++ b/Lib/test/test_urllib2net.py
@@ -125,6 +125,8 @@
         finally:
             os.remove(TESTFN)
 
+        self.assertRaises(ValueError, urllib.request.urlopen,'./relative_path/to/file')
+
     # XXX Following test depends on machine configurations that are internal
     # to CNRI.  Need to set up a public server with the right authentication
     # configuration for test purposes.
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -1781,6 +1781,8 @@
             urlfile = file
             if file[:1] == '/':
                 urlfile = 'file://' + file
+            elif file[:2] == './':
+                raise ValueError("local file url may start with / or file:. Unknown url of type: %s" % url)
             return addinfourl(open(localname, 'rb'), headers, urlfile)
         raise URLError('local file error', 'not on local host')
 
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -103,6 +103,8 @@
 Library
 -------
 
+- Issue #6631: Disallow relative file paths in urllib urlopen methods.
+
 - Issue #13722: Avoid silencing ImportErrors when initializing the codecs
   registry.
 

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list