[Python-checkins] cpython (3.2): Fix Issue6631 - Disallow relative file paths in urllib urlopen
senthil.kumaran
python-checkins at python.org
Sat Jan 21 04:55:58 CET 2012
http://hg.python.org/cpython/rev/514994d7a9f2
changeset: 74548:514994d7a9f2
branch: 3.2
parent: 74542:76077971ee1f
user: Senthil Kumaran <senthil at uthcode.com>
date: Sat Jan 21 11:52:48 2012 +0800
summary:
Fix Issue6631 - Disallow relative file paths in urllib urlopen
files:
Lib/test/test_urllib.py | 3 +++
Lib/test/test_urllib2net.py | 2 ++
Lib/urllib/request.py | 2 ++
Misc/NEWS | 2 ++
4 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -160,6 +160,9 @@
for line in self.returned_obj:
self.assertEqual(line, self.text)
+ def test_relativelocalfile(self):
+ self.assertRaises(ValueError,urllib.request.urlopen,'./' + self.pathname)
+
class ProxyTests(unittest.TestCase):
def setUp(self):
diff --git a/Lib/test/test_urllib2net.py b/Lib/test/test_urllib2net.py
--- a/Lib/test/test_urllib2net.py
+++ b/Lib/test/test_urllib2net.py
@@ -125,6 +125,8 @@
finally:
os.remove(TESTFN)
+ self.assertRaises(ValueError, urllib.request.urlopen,'./relative_path/to/file')
+
# XXX Following test depends on machine configurations that are internal
# to CNRI. Need to set up a public server with the right authentication
# configuration for test purposes.
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -1781,6 +1781,8 @@
urlfile = file
if file[:1] == '/':
urlfile = 'file://' + file
+ elif file[:2] == './':
+ raise ValueError("local file url may start with / or file:. Unknown url of type: %s" % url)
return addinfourl(open(localname, 'rb'), headers, urlfile)
raise URLError('local file error', 'not on local host')
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -103,6 +103,8 @@
Library
-------
+- Issue #6631: Disallow relative file paths in urllib urlopen methods.
+
- Issue #13722: Avoid silencing ImportErrors when initializing the codecs
registry.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list