| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) | Victor Stinner | 2017-07-12 | 1 | -3/+3 |
| | | | | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a) | ||||
| * | Correct Content-Type syntax in documentation | Martin Panter | 2015-11-14 | 1 | -4/+4 |
| | | |||||
| * | Issue #25523: Further a-to-an corrections. | Serhiy Storchaka | 2015-11-02 | 1 | -1/+1 |
| | | |||||
| * | Various minor typos in documentation and comments | Martin Panter | 2015-10-07 | 1 | -1/+1 |
| | | |||||
| * | Issue #24657: Prevent CGIRequestHandler from collapsing the URL query | Martin Panter | 2015-10-03 | 1 | -4/+9 |
| | | | | | | Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc string. | ||||
| * | Issue #25232: Fix CGIRequestHandler's splitting of URL query | Martin Panter | 2015-10-03 | 1 | -5/+1 |
| | | | | | Patch from Xiang Zhang. | ||||
| * | Issue #24774: Fix docstring in http.server.test. | Robert Collins | 2015-08-17 | 1 | -2/+1 |
| | | | | | Patch from Chiu-Hsiang Hsu. | ||||
| * | Issue #23888: Handle fractional time in cookie expiry. Patch by ssh. | Robert Collins | 2015-08-03 | 1 | -1/+1 |
| | | |||||
| * | merge 3.3 (#22931) | Benjamin Peterson | 2015-05-23 | 1 | -3/+4 |
| |\ | |||||
| | * | merge 3.2 (#22931) | Benjamin Peterson | 2015-05-23 | 1 | -3/+4 |
| | |\ | |||||
| | | * | allow square brackets in cookie values (closes #22931) | Benjamin Peterson | 2015-05-23 | 1 | -3/+4 |
| | | | | |||||
| | | * | Lax cookie parsing in http.cookies could be a security issue when combined | Antoine Pitrou | 2014-09-16 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov. | ||||
| | | * | Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than | Georg Brandl | 2014-09-30 | 1 | -0/+4 |
| | | | | | | | | | | | | | 100 headers are read. Adapted from patch by Jyrki Pulliainen. | ||||
| * | | | Issue #23865: close() methods in multiple modules now are idempotent and more | Serhiy Storchaka | 2015-04-10 | 1 | -9/+15 |
| | | | | | | | | | | | | | | | | robust at shutdown. If needs to release multiple resources, they are released even if errors are occured. | ||||
| * | | | #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None. | R David Murray | 2015-03-22 | 1 | -13/+24 |
| | | | | | | | | | | | | | | | | | | | | | | | | | Some http servers will reject PUT, POST, and PATCH requests if they do not have a Content-Length header. Patch by James Rutherford, with additional cleaning up of the 'request' documentation by me. | ||||
| * | | | Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar. | Serhiy Storchaka | 2015-03-13 | 1 | -15/+31 |
| | | | | | | | | | | | | | Patch by Demian Brecht. | ||||
| * | | | Issue #22928: Disabled HTTP header injections in http.client. | Serhiy Storchaka | 2015-03-12 | 1 | -0/+37 |
| | | | | | | | | | | | | | Original patch by Demian Brecht. | ||||
| * | | | Issue #23439: Add missing entries to http.client.__all__. | Berker Peksag | 2015-02-20 | 1 | -1/+3 |
| | | | | | | | | | | | | | | | | | | | | | | Also, document the LineTooLong exception since it can be raised by the members of public API (e.g. http.client.HTTPResponse). Patch by Martin Panter. | ||||
| * | | | document the requestline and close_connection attributes, use real booleans, ↵ | Benjamin Peterson | 2015-02-18 | 1 | -10/+10 |
| | | | | | | | | | | | | | | | | | | | and add tests (closes #23410) Patch by Martin Panter. | ||||
| * | | | Issue #23418: Add missing entries to http.server.__all__. | Berker Peksag | 2015-02-13 | 1 | -1/+4 |
| | | | | | | | | | | | | | Patch by Martin Panter. | ||||
| * | | | capitialize "HttpOnly" and "Secure" as they appear in the standard and other ↵ | Benjamin Peterson | 2015-01-17 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | impls (closes #23250) Patch by Jon Dufresne. | ||||
| * | | | fix instances of consecutive articles (closes #23221) | Benjamin Peterson | 2015-01-13 | 1 | -1/+1 |
| | | | | | | | | | | | | | Patch by Karan Goel. | ||||
| * | | | fix behavior of trailing slash redirection when a query string is involved ↵ | Benjamin Peterson | 2014-12-26 | 1 | -2/+6 |
| | | | | | | | | | | | | | (closes #23112) | ||||
| * | | | Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port | Serhiy Storchaka | 2014-12-12 | 1 | -5/+3 |
| | | | | | | | | | | | | | value in the host header was set to "None". Patch by Demian Brecht. | ||||
| * | | | HTTPSConnection: prefer the context's check_hostname attribute over the ↵ | Benjamin Peterson | 2014-12-07 | 1 | -2/+2 |
| | | | | | | | | | | | | | constructor parameter (#22959) | ||||
| * | | | Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails. | Serhiy Storchaka | 2014-12-01 | 1 | -10/+14 |
| | | | | | | | | | | | | | Original patch by Martin Panter. | ||||
| * | | | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -2/+1 |
| | | | | | | | | | | | | | Patch by Donald Stufft. | ||||
| * | | | PEP 476: enable HTTPS certificate verification by default (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -1/+1 |
| | | | | | | | | | | | | | Patch by Alex Gaynor with some modifications by me. | ||||
| * | | | Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2 | Serhiy Storchaka | 2014-11-02 | 1 | -2/+6 |
| | | | | | | | | | | | | | and above. Patch by Tim Graham. | ||||
| * | | | Lax cookie parsing in http.cookies could be a security issue when combined | Antoine Pitrou | 2014-09-16 | 1 | -1/+2 |
| |\ \ \ | |/ / | | | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov. | ||||
| | * | | Lax cookie parsing in http.cookies could be a security issue when combined | Antoine Pitrou | 2014-09-16 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov. | ||||
| * | | | Issue #22165: SimpleHTTPRequestHandler now supports undecodable file names. | Serhiy Storchaka | 2014-08-17 | 1 | -4/+15 |
| | | | | |||||
| * | | | Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value. | Serhiy Storchaka | 2014-07-22 | 1 | -2/+2 |
| | | | | |||||
| * | | | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, | Ned Deily | 2014-07-13 | 1 | -5/+5 |
| |\ \ \ | |/ / | | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne. | ||||
| | * | | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, | Ned Deily | 2014-07-13 | 1 | -5/+5 |
| | |\ \ | | |/ | | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne. | ||||
| | | * | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, | Ned Deily | 2014-07-13 | 1 | -5/+5 |
| | | | | | | | | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne. | ||||
| * | | | merge 3.3 (#21766) | Benjamin Peterson | 2014-06-15 | 1 | -1/+1 |
| |\ \ \ | |/ / | |||||
| | * | | merge 3.2 (#21766) | Benjamin Peterson | 2014-06-15 | 1 | -1/+1 |
| | |\ \ | | |/ | |||||
| | | * | url unquote the path before checking if it refers to a CGI script (closes ↵ | Benjamin Peterson | 2014-06-15 | 1 | -1/+1 |
| | | | | | | | | | | | | | #21766) | ||||
| * | | | Issue #7776: Fix ``Host:'' header and reconnection when using ↵ | Senthil Kumaran | 2014-04-14 | 1 | -24/+49 |
| | | | | | | | | | | | | | | | | | | | http.client.HTTPConnection.set_tunnel(). Patch by Nikolaus Rath. | ||||
| * | | | Issue #20976: pyflakes: Remove unused imports | Victor Stinner | 2014-03-20 | 2 | -3/+0 |
| | | | | |||||
| * | | | Issue #20331: Fixed possible FD leaks in various modules: | Serhiy Storchaka | 2014-01-25 | 1 | -9/+15 |
| |\ \ \ | |/ / | | | | | | | http.server, imghdr, mailcap, mimetypes, xml.etree. | ||||
| | * | | Issue #20331: Fixed possible FD leaks in various modules: | Serhiy Storchaka | 2014-01-25 | 1 | -9/+15 |
| | | | | | | | | | | | | | http.server, imghdr, mailcap, mimetypes, xml.etree. | ||||
| * | | | merge 3.3 (#18574) | Benjamin Peterson | 2014-01-19 | 1 | -1/+1 |
| |\ \ \ | |/ / | |||||
| | * | | fix handling of 100-continue status code (closes #18574) | Benjamin Peterson | 2014-01-19 | 1 | -1/+1 |
| | | | | |||||
| * | | | Issue #19936: Added executable bits or shebang lines to Python scripts which | Serhiy Storchaka | 2014-01-16 | 1 | -3/+0 |
| |\ \ \ | |/ / | | | | | | | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang lines in the unittestgui and checkpip scripts. | ||||
| | * | | Issue #19936: Added executable bits or shebang lines to Python scripts which | Serhiy Storchaka | 2014-01-16 | 1 | -3/+0 |
| | | | | | | | | | | | | | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script. | ||||
| * | | | merge 3.3 (#20018) | Benjamin Peterson | 2013-12-18 | 1 | -1/+1 |
| |\ \ \ | |/ / | |||||
| | * | | update url to spec (closes #20018) | Benjamin Peterson | 2013-12-18 | 1 | -1/+1 |
| | | | | |||||
| * | | | Issue #20007: HTTPResponse.read(0) no more prematurely closes connection. | Serhiy Storchaka | 2013-12-17 | 1 | -1/+1 |
| |\ \ \ | |/ / | | | | | | | Original patch by Simon Sapin. | ||||
 |
index : cpython.git | |
| https://github.com/python/cpython.git |
| summaryrefslogtreecommitdiffstats |