diff options
| author | Senthil Kumaran <senthil@uthcode.com> | 2012-05-15 14:39:17 (GMT) |
|---|---|---|
| committer | Senthil Kumaran <senthil@uthcode.com> | 2012-05-15 14:39:17 (GMT) |
| commit | b26fe2f313143139f7666f125b097d9c92a494ff (patch) | |
| tree | 42d106f0aa42551995255ba09bc97286f81cf8e4 | |
| parent | 0fb41b56ea1415943569ee6dda1c9d1aec952c37 (diff) | |
| parent | 34f3fcc269be2ecded57ff3ae336977c5e74c42f (diff) | |
| download | cpython-b26fe2f313143139f7666f125b097d9c92a494ff.zip cpython-b26fe2f313143139f7666f125b097d9c92a494ff.tar.gz cpython-b26fe2f313143139f7666f125b097d9c92a494ff.tar.bz2 | |
merge from 3.2 - Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2.
| -rw-r--r-- | Lib/test/test_urllib2.py | 15 | ||||
| -rw-r--r-- | Lib/urllib/request.py | 2 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 19 insertions, 1 deletions
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index fad95cc..f9a76a3 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -1252,6 +1252,21 @@ class HandlerTests(unittest.TestCase): def test_basic_auth_with_single_quoted_realm(self): self.test_basic_auth(quote_char="'") + def test_basic_auth_with_unquoted_realm(self): + opener = OpenerDirector() + password_manager = MockPasswordManager() + auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager) + realm = "ACME Widget Store" + http_handler = MockHTTPHandler( + 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", + "http://acme.example.com/protected", + ) + def test_proxy_basic_auth(self): opener = OpenerDirector() ph = urllib.request.ProxyHandler(dict(http="proxy.example.com:3128")) diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index a5f0866..6cc78ed 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -895,7 +895,7 @@ class AbstractBasicAuthHandler: # allow for double- and single-quoted realm values # (single quotes are a violation of the RFC, but appear in the wild) rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' - 'realm=(["\'])(.*?)\\2', re.I) + 'realm=(["\']?)([^"\']*)\\2', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, # end of section 2, and section 1.2 immediately after "credentials" @@ -31,6 +31,9 @@ Core and Builtins Library ------- +- Issue #12541: Be lenient with quotes around Realm field of HTTP Basic + Authentation in urllib2. + - Issue 14807: move undocumented tarfile.filemode() to stat.filemode() and add doc entry. Add tarfile.filemode alias with deprecation warning. |