diff options
| author | Senthil Kumaran <senthil@uthcode.com> | 2012-05-15 14:24:10 (GMT) |
|---|---|---|
| committer | Senthil Kumaran <senthil@uthcode.com> | 2012-05-15 14:24:10 (GMT) |
| commit | 6a2a6c2ee37dad75134c212d43e48702f1b219a9 (patch) | |
| tree | 3115aff50eec7656e8d301941fc8c5fafb707664 | |
| parent | 8349bc2ba93bbe9c130adc6a9a3d6e24c2f6140f (diff) | |
| download | cpython-6a2a6c2ee37dad75134c212d43e48702f1b219a9.zip cpython-6a2a6c2ee37dad75134c212d43e48702f1b219a9.tar.gz cpython-6a2a6c2ee37dad75134c212d43e48702f1b219a9.tar.bz2 | |
Issue #12541: Be lenient with quotes around Realm field with HTTP Basic Authentation in urllib2.
| -rw-r--r-- | Lib/test/test_urllib2.py | 16 | ||||
| -rw-r--r-- | Lib/urllib2.py | 2 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 20 insertions, 1 deletions
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 7f230e2..ad558da 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -1112,6 +1112,22 @@ class HandlerTests(unittest.TestCase): def test_basic_auth_with_single_quoted_realm(self): self.test_basic_auth(quote_char="'") + def test_basic_auth_with_unquoted_realm(self): + opener = OpenerDirector() + password_manager = MockPasswordManager() + auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) + realm = "ACME Widget Store" + http_handler = MockHTTPHandler( + 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", + "http://acme.example.com/protected", + ) + + def test_proxy_basic_auth(self): opener = OpenerDirector() ph = urllib2.ProxyHandler(dict(http="proxy.example.com:3128")) diff --git a/Lib/urllib2.py b/Lib/urllib2.py index 5471acd..21b5262 100644 --- a/Lib/urllib2.py +++ b/Lib/urllib2.py @@ -828,7 +828,7 @@ class AbstractBasicAuthHandler: # allow for double- and single-quoted realm values # (single quotes are a violation of the RFC, but appear in the wild) rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' - 'realm=(["\'])(.*?)\\2', re.I) + 'realm=(["\']?)([^"\']*)\\2', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, # end of section 2, and section 1.2 immediately after "credentials" @@ -60,6 +60,9 @@ Core and Builtins Library ------- +- Issue #12541: Be lenient with quotes around Realm field with HTTP Basic + Authentation in urllib2. + - Issue #14662: Prevent shutil failures on OS X when destination does not support chflag operations. Patch by Hynek Schlawack. |