diff options
| author | Senthil Kumaran <senthil@uthcode.com> | 2012-01-04 05:46:59 (GMT) |
|---|---|---|
| committer | Senthil Kumaran <senthil@uthcode.com> | 2012-01-04 05:46:59 (GMT) |
| commit | 6497aa3e00162752ebfae20e3e62a67e796d7630 (patch) | |
| tree | b7306528f32254c3b467b16d47c65dd4f1ddc272 /Lib | |
| parent | b7ffed8a506a6a98e59e5f23bd6d4fe706b40bc3 (diff) | |
| download | cpython-6497aa3e00162752ebfae20e3e62a67e796d7630.zip cpython-6497aa3e00162752ebfae20e3e62a67e796d7630.tar.gz cpython-6497aa3e00162752ebfae20e3e62a67e796d7630.tar.bz2 | |
Issue13696 - Fix 302 Redirection for Relative urls.
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/test/test_urllib2.py | 13 | ||||
| -rw-r--r-- | Lib/urllib/request.py | 4 |
2 files changed, 15 insertions, 2 deletions
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index c94ebf8..3d80e01 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -1059,6 +1059,19 @@ class HandlerTests(unittest.TestCase): MockHeaders({"location": valid_url})) self.assertEqual(o.req.get_full_url(), valid_url) + def test_relative_redirect(self): + from_url = "http://example.com/a.html" + relative_url = "/b.html" + h = urllib.request.HTTPRedirectHandler() + o = h.parent = MockOpener() + req = Request(from_url) + req.timeout = socket._GLOBAL_DEFAULT_TIMEOUT + + valid_url = urllib.parse.urljoin(from_url,relative_url) + h.http_error_302(req, MockFile(), 302, "That's fine", + MockHeaders({"location": valid_url})) + self.assertEqual(o.req.get_full_url(), valid_url) + def test_cookie_redirect(self): # cookies shouldn't leak into redirected requests from http.cookiejar import CookieJar diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index b41dd7e..77b7c7f 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -552,7 +552,7 @@ class HTTPRedirectHandler(BaseHandler): # For security reasons we don't allow redirection to anything other # than http, https or ftp. - if urlparts.scheme not in ('http', 'https', 'ftp'): + if urlparts.scheme not in ('http', 'https', 'ftp', ''): raise HTTPError( newurl, code, "%s - Redirection to url '%s' is not allowed" % (msg, newurl), @@ -1935,7 +1935,7 @@ class FancyURLopener(URLopener): # We are using newer HTTPError with older redirect_internal method # This older method will get deprecated in 3.3 - if urlparts.scheme not in ('http', 'https', 'ftp'): + if urlparts.scheme not in ('http', 'https', 'ftp', ''): raise HTTPError(newurl, errcode, errmsg + " Redirection to url '%s' is not allowed." % newurl, |