[Python-checkins] [2.7] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2894)

Victor Stinner webhook-mailer at python.org
Wed Jul 26 11:50:41 EDT 2017 

https://github.com/python/cpython/commit/e5eae474c431af2880a68f6329840b9288fc4bc1
commit: e5eae474c431af2880a68f6329840b9288fc4bc1
branch: 2.7
author: Dong-hee Na <donghee.na92 at gmail.com>
committer: Victor Stinner <victor.stinner at gmail.com>
date: 2017-07-26T17:50:36+02:00
summary:

[2.7] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2894)

files:
A Misc/NEWS.d/next/Library/2017-07-26-22-02-07.bpo-30119.DZ6C_S.rst
M Lib/ftplib.py
M Lib/test/test_ftplib.py

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 153647ba758..66445547927 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -171,6 +171,8 @@ def sanitize(self, s):
 
     # Internal: send one line to the server, appending CRLF
     def putline(self, line):
+        if '\r' in line or '\n' in line:
+            raise ValueError('an illegal newline character should not be contained')
         line = line + CRLF
         if self.debugging > 1: print '*put*', self.sanitize(line)
         self.sock.sendall(line)
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
index 044ce4594c9..fdfa31387cb 100644
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@@ -439,6 +439,9 @@ def test_sanitize(self):
         self.assertEqual(self.client.sanitize('PASS 12345'), repr('PASS *****'))
 
     def test_exceptions(self):
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r0')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 400')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 499')
         self.assertRaises(ftplib.error_perm, self.client.sendcmd, 'echo 500')
diff --git a/Misc/NEWS.d/next/Library/2017-07-26-22-02-07.bpo-30119.DZ6C_S.rst b/Misc/NEWS.d/next/Library/2017-07-26-22-02-07.bpo-30119.DZ6C_S.rst
new file mode 100644
index 00000000000..a37d3703842
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2017-07-26-22-02-07.bpo-30119.DZ6C_S.rst
@@ -0,0 +1,2 @@
+ftplib.FTP.putline() now throws ValueError on commands that contains CR or
+LF. Patch by Dong-hee Na.

More information about the Python-checkins mailing list