SF patch #497420 (Eduardo PĂ©rez): ftplib: ftp anonymous password

Instead of sending the real user and host, use "anonymous@" (i.e. no
host name at all!) as the default anonymous FTP password.  This avoids
privacy violations.

3 files changed, 11 insertions, 18 deletions

diff --git a/Doc/lib/libftplib.tex b/Doc/lib/libftplib.tex
index 0d0d700..d4851ab 100644
--- a/Doc/lib/libftplib.tex
+++ b/Doc/lib/libftplib.tex
@@ -20,7 +20,7 @@ Here's a sample session using the \module{ftplib} module:
 \begin{verbatim}
 >>> from ftplib import FTP
 >>> ftp = FTP('ftp.cwi.nl')   # connect to host, default port
->>> ftp.login()               # user anonymous, passwd user@hostname
+>>> ftp.login()               # user anonymous, passwd anonymous@
 >>> ftp.retrlines('LIST')     # list directory contents
 total 24418
 drwxrwsr-x   5 ftp-usr  pdmaint     1536 Mar 20 09:48 .
@@ -121,10 +121,7 @@ Log in as the given \var{user}.  The \var{passwd} and \var{acct}
 parameters are optional and default to the empty string.  If no
 \var{user} is specified, it defaults to \code{'anonymous'}.  If
 \var{user} is \code{'anonymous'}, the default \var{passwd} is
-\samp{\var{realuser}@\var{host}} where \var{realuser} is the real user
-name (glanced from the \envvar{LOGNAME} or \envvar{USER} environment
-variable) and \var{host} is the hostname as returned by
-\function{socket.gethostname()}.  This function should be called only
+\code{'anonymous@'}.  This function should be called only
 once for each instance, after a connection has been established; it
 should not be called at all if a host and user were given when the
 instance was created.  Most FTP commands are only allowed after the
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index a176a87..cf1f32f 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -351,19 +351,14 @@ class FTP:
         if not passwd: passwd = ''
         if not acct: acct = ''
         if user == 'anonymous' and passwd in ('', '-'):
-            # get fully qualified domain name of local host
-            thishost = socket.getfqdn()
-            try:
-                if os.environ.has_key('LOGNAME'):
-                    realuser = os.environ['LOGNAME']
-                elif os.environ.has_key('USER'):
-                    realuser = os.environ['USER']
-                else:
-                    realuser = 'anonymous'
-            except AttributeError:
-                # Not all systems have os.environ....
-                realuser = 'anonymous'
-            passwd = passwd + realuser + '@' + thishost
+	    # If there is no anonymous ftp password specified
+	    # then we'll just use anonymous@
+	    # We don't send any other thing because:
+	    # - We want to remain anonymous
+	    # - We want to stop SPAM
+	    # - We don't want to let ftp sites to discriminate by the user,
+	    #   host or country.
+            passwd = passwd + 'anonymous@'
         resp = self.sendcmd('USER ' + user)
         if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd)
         if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct)
diff --git a/Misc/ACKS b/Misc/ACKS
index 0d1e2c5..6f64724 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -330,6 +330,7 @@ Randy Pausch
 Marcel van der Peijl
 Samuele Pedroni
 Steven Pemberton
+Eduardo Pérez
 Tim Peters
 Chris Petrilli
 Geoff Philbrick