path: root/Lib/http
Commit message [Author | Age | Files | Lines]
* bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) (#2860) [Victor Stinner | 2017-07-26 | 1 | -3/+3]
|   Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a) (cherry picked from commit 6f6bc1da8aaae52664e7747e328d26eb59c0e74f)
* [3.3] bpo-22928: Disabled HTTP header injections in http.client. (#2817) [Serhiy Storchaka | 2017-07-26 | 1 | -0/+37]
|   Original patch by Demian Brecht. (cherry picked from commit a112a8ae47813f75aa8ad27ee8c42a7c2e937d13)
* merge 3.2 (#22931) [Benjamin Peterson | 2015-05-23 | 1 | -3/+4]
|\
| * allow square brackets in cookie values (closes #22931) [Benjamin Peterson | 2015-05-23 | 1 | -3/+4]
| |
| * Lax cookie parsing in http.cookies could be a security issue when combined [Antoine Pitrou | 2014-09-16 | 1 | -1/+2]
| |   with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
| * Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than [Georg Brandl | 2014-09-30 | 1 | -0/+4]
| |   100 headers are read. Adapted from patch by Jyrki Pulliainen.
* | Lax cookie parsing in http.cookies could be a security issue when combined [Antoine Pitrou | 2014-09-16 | 1 | -1/+2]
| |   with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
* | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, [Ned Deily | 2014-07-13 | 1 | -5/+5]
|\ \
| |/
| |   broken by the fix for security issue #19435. Patch by Zach Byrne.
| * Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, [Ned Deily | 2014-07-13 | 1 | -5/+5]
| |   broken by the fix for security issue #19435. Patch by Zach Byrne.
* | merge 3.2 (#21766) [Benjamin Peterson | 2014-06-15 | 1 | -1/+1]
|\ \
| |/
| * url unquote the path before checking if it refers to a CGI script (closes #21766) [Benjamin Peterson | 2014-06-15 | 1 | -1/+1]
| |
* | Issue #20331: Fixed possible FD leaks in various modules: [Serhiy Storchaka | 2014-01-25 | 1 | -9/+15]
| |   http.server, imghdr, mailcap, mimetypes, xml.etree.
* | fix handling of 100-continue status code (closes #18574) [Benjamin Peterson | 2014-01-19 | 1 | -1/+1]
| |
* | Issue #19936: Added executable bits or shebang lines to Python scripts which [Serhiy Storchaka | 2014-01-16 | 1 | -3/+0]
| |   require them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* | update url to spec (closes #20018) [Benjamin Peterson | 2013-12-18 | 1 | -1/+1]
| |
* | Issue #20007: HTTPResponse.read(0) no more prematurely closes connection. [Serhiy Storchaka | 2013-12-17 | 1 | -1/+1]
| |   Original patch by Simon Sapin.
* | merge 3.2 (#19435) [Benjamin Peterson | 2013-10-30 | 1 | -5/+4]
|\ \
| |/
| * merge 3.1 (#19435) [Benjamin Peterson | 2013-10-30 | 1 | -5/+4]
| |\
| | * use the collapsed path in the run_cgi method (closes #19435) [Benjamin Peterson | 2013-10-30 | 1 | -5/+4]
| | |
* | | Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than [Georg Brandl | 2013-10-27 | 1 | -0/+4]
| | |   100 headers are read. Adapted from patch by Jyrki Pulliainen.
* | | Minor code improvement. Review comment by Eric V. Smith [Senthil Kumaran | 2013-09-30 | 1 | -1/+1]
| | |
* | | Fix http.server's request handling case on trailing '/'. [Senthil Kumaran | 2013-09-13 | 1 | -0/+4]
| | |   Patch contributed by Vajrasky Kok. Addresses Issue #17324
* | | #16611: BaseCookie now parses 'secure' and 'httponly' flags. [R David Murray | 2013-08-25 | 1 | -10/+19]
| | |   Previously it generated them if they were given a value, but completely ignored them if they were present in the string passed in to be parsed. Now if the flag appears on a cookie, the corresponding Morsel key will reference a True value. Other pre-existing behavior is retained in this maintenance patch: if the source contains something like 'secure=foo', morsel['secure'] will return 'foo'. Since such a value doesn't round trip and never did (and would be a surprising occurrence) a subsequent non-bug-fix patch may change this behavior. Inspired by a patch from Julien Phalip, who reviewed this one.
* | | Issue #16658: add missing return to HTTPConnection.send(). [Andrew Svetlov | 2013-04-12 | 1 | -1/+1]
| | |   Patch by Jeff Knupp
* | | #17678: Fix DeprecationWarning in the http/cookiejar.py by changing the usage [Senthil Kumaran | 2013-04-09 | 1 | -1/+1]
| | |   of get_origin_req_host() to origin_req_host. Patch by Wei-Cheng Pan
* | | Reverting the changeset 5d76a4746d9d made for Issue #12921 [Senthil Kumaran | 2013-03-05 | 1 | -1/+1]
|\ \ \
| |/ /
| * | Reverting the changeset 5126e62c60af made for Issue #12921 [Senthil Kumaran | 2013-03-05 | 1 | -1/+1]
| | |
* | | Fix Issue #12921: BaseHTTPServer's send_error should send the correct error [Senthil Kumaran | 2013-03-05 | 1 | -1/+1]
|\ \ \
| |/ /
| | |   response message when send_error includes a message in addition to error status. Patch contributed by Karl.
| * | Fix Issue #12921: BaseHTTPServer's send_error should send the correct error [Senthil Kumaran | 2013-03-05 | 1 | -1/+1]
| | |   response message when send_error includes a message in addition to error status. Patch contributed by Karl.
* | | Issue #16723: httplib.HTTPResponse no longer marked closed when the connection [Serhiy Storchaka | 2013-02-06 | 1 | -17/+21]
|\ \ \
| |/ /
| | |   is automatically closed.
| * | Issue #16723: httplib.HTTPResponse no longer marked closed when the connection [Serhiy Storchaka | 2013-02-06 | 1 | -15/+19]
| | |   is automatically closed.
| * | Simplify code in HTTPResponse.read() [Antoine Pitrou | 2013-02-02 | 1 | -4/+1]
| | |
* | | Issue #15633: httplib.HTTPResponse is now marked closed when the server sends less than the advertised Content-Length. [Antoine Pitrou | 2013-02-02 | 1 | -5/+10]
|\ \ \
| |/ /
| * | Issue #15633: httplib.HTTPResponse is now marked closed when the server sends less than the advertised Content-Length. [Antoine Pitrou | 2013-02-02 | 1 | -1/+9]
| | |
* | | Issue #16298: In HTTPResponse.read(), close the socket when there is no Content-Length and the incoming stream is finished. [Antoine Pitrou | 2012-12-15 | 1 | -0/+3]
|\ \ \
| |/ /
| | |   Patch by Eran Rundstein.
| * | Issue #16298: In HTTPResponse.read(), close the socket when there is no Content-Length and the incoming stream is finished. [Antoine Pitrou | 2012-12-15 | 1 | -0/+4]
| | |   Patch by Eran Rundstein.
* | | #15980: merge with 3.2. [Ezio Melotti | 2012-09-21 | 1 | -2/+2]
|\ \ \
| |/ /
| * | #15980: properly escape newlines in docstrings. Patch by Serhiy Storchaka. [Ezio Melotti | 2012-09-21 | 1 | -2/+2]
| | |
* | | Issue #15409: Replace use of deprecated urllib.request.Request methods in http.cookiejar [Meador Inge | 2012-07-21 | 1 | -4/+4]
| | |   Patch by Flávio Ribeiro.
* | | Issue 14989: http.server --cgi option can enable the CGI http server. [Senthil Kumaran | 2012-06-03 | 1 | -7/+15]
| | |
* | | merge - Fix for issue14426 - buildbots here I come [Senthil Kumaran | 2012-05-20 | 1 | -1/+1]
|\ \ \
| |/ /
| * | Fix for issue14426 - buildbots here I come [Senthil Kumaran | 2012-05-20 | 1 | -1/+1]
| | |
* | | Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. [Senthil Kumaran | 2012-05-20 | 1 | -1/+1]
|\ \ \
| |/ /
| | |   Patch by Federico Reghenzani and Müte Invert
| * | Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. [Senthil Kumaran | 2012-05-20 | 1 | -1/+1]
| | |   Patch by Federico Reghenzani and Müte Invert
* | | merge - Fix Issue14721: Send Content-length: 0 for empty body () in the http.client requests [Senthil Kumaran | 2012-05-19 | 1 | -1/+1]
|\ \ \
| |/ /
| * | Fix Issue14721: Send Content-length: 0 for empty body () in the http.client requests [Senthil Kumaran | 2012-05-19 | 1 | -1/+1]
| | |
* | | #14809: Add HTTP status codes from RFC 6585 to http.server and http.client [Hynek Schlawack | 2012-05-16 | 2 | -1/+17]
| | |   Patch by EungJun Yi.
* | | issue6085 - update docs in default branch [Senthil Kumaran | 2012-04-29 | 1 | -1/+1]
|\ \ \
| |/ /
| * | Fix issue6085 - Remove the delay caused by fqdn lookup while logging in BaseHTTPRequestHandler [Senthil Kumaran | 2012-04-29 | 1 | -2/+2]
| | |
* | | Fix Issue6085 - SimpleHTTPServer address_string to return client ip instead of client hostname [Senthil Kumaran | 2012-04-29 | 1 | -11/+2]
| | |