cpython.git - https://github.com/python/cpython.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	[3.4] bpo-35121: prefix dot in domain for proper subdomain validation ↵	Xtreak	2019-03-16	1	-2/+11
\| \| \| \| \| \| \| \|	(GH-10258) (#12279) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14) Co-authored-by: Xtreak <tir.karthi@gmail.com>
*	bpo-35647: Fix path check in cookiejar (#11436) (#12278)	Xtreak	2019-03-16	1	-5/+9
\| \| \| \| \| \| \| \| \| \| \| \| \|	* Refactor cookie path check as per RFC 6265 * Add tests for prefix match of path * Add news entry * Fix set_ok_path and refactor tests * Use slice for last letter (cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
*	bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782)	Victor Stinner	2017-07-12	1	-3/+3
\| \| \| \| \| \|	Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a)
*	Correct Content-Type syntax in documentation	Martin Panter	2015-11-14	1	-4/+4
\|
*	Issue #25523: Further a-to-an corrections.	Serhiy Storchaka	2015-11-02	1	-1/+1
\|
*	Various minor typos in documentation and comments	Martin Panter	2015-10-07	1	-1/+1
\|
*	Issue #24657: Prevent CGIRequestHandler from collapsing the URL query	Martin Panter	2015-10-03	1	-4/+9
\| \| \| \| \|	Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc string.
*	Issue #25232: Fix CGIRequestHandler's splitting of URL query	Martin Panter	2015-10-03	1	-5/+1
\| \| \| \|	Patch from Xiang Zhang.
*	Issue #24774: Fix docstring in http.server.test.	Robert Collins	2015-08-17	1	-2/+1
\| \| \| \|	Patch from Chiu-Hsiang Hsu.
*	Issue #23888: Handle fractional time in cookie expiry. Patch by ssh.	Robert Collins	2015-08-03	1	-1/+1
\|
*	merge 3.3 (#22931)	Benjamin Peterson	2015-05-23	1	-3/+4
\|\
\| *	merge 3.2 (#22931)	Benjamin Peterson	2015-05-23	1	-3/+4
\| \|\
\| \| *	allow square brackets in cookie values (closes #22931)	Benjamin Peterson	2015-05-23	1	-3/+4
\| \| \|
\| \| *	Lax cookie parsing in http.cookies could be a security issue when combined	Antoine Pitrou	2014-09-16	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
\| \| *	Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than	Georg Brandl	2014-09-30	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \|	100 headers are read. Adapted from patch by Jyrki Pulliainen.
* \| \|	Issue #23865: close() methods in multiple modules now are idempotent and more	Serhiy Storchaka	2015-04-10	1	-9/+15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	robust at shutdown. If needs to release multiple resources, they are released even if errors are occured.
* \| \|	#23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.	R David Murray	2015-03-22	1	-13/+24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Some http servers will reject PUT, POST, and PATCH requests if they do not have a Content-Length header. Patch by James Rutherford, with additional cleaning up of the 'request' documentation by me.
* \| \|	Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.	Serhiy Storchaka	2015-03-13	1	-15/+31
\| \| \| \| \| \| \| \| \| \| \| \|	Patch by Demian Brecht.
* \| \|	Issue #22928: Disabled HTTP header injections in http.client.	Serhiy Storchaka	2015-03-12	1	-0/+37
\| \| \| \| \| \| \| \| \| \| \| \|	Original patch by Demian Brecht.
* \| \|	Issue #23439: Add missing entries to http.client.__all__.	Berker Peksag	2015-02-20	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Also, document the LineTooLong exception since it can be raised by the members of public API (e.g. http.client.HTTPResponse). Patch by Martin Panter.
* \| \|	document the requestline and close_connection attributes, use real booleans, ↵	Benjamin Peterson	2015-02-18	1	-10/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	and add tests (closes #23410) Patch by Martin Panter.
* \| \|	Issue #23418: Add missing entries to http.server.__all__.	Berker Peksag	2015-02-13	1	-1/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Patch by Martin Panter.
* \| \|	capitialize "HttpOnly" and "Secure" as they appear in the standard and other ↵	Benjamin Peterson	2015-01-17	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	impls (closes #23250) Patch by Jon Dufresne.
* \| \|	fix instances of consecutive articles (closes #23221)	Benjamin Peterson	2015-01-13	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Patch by Karan Goel.
* \| \|	fix behavior of trailing slash redirection when a query string is involved ↵	Benjamin Peterson	2014-12-26	1	-2/+6
\| \| \| \| \| \| \| \| \| \| \| \|	(closes #23112)
* \| \|	Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port	Serhiy Storchaka	2014-12-12	1	-5/+3
\| \| \| \| \| \| \| \| \| \| \| \|	value in the host header was set to "None". Patch by Demian Brecht.
* \| \|	HTTPSConnection: prefer the context's check_hostname attribute over the ↵	Benjamin Peterson	2014-12-07	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \|	constructor parameter (#22959)
* \| \|	Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails.	Serhiy Storchaka	2014-12-01	1	-10/+14
\| \| \| \| \| \| \| \| \| \| \| \|	Original patch by Martin Panter.
* \| \|	don't require OpenSSL SNI to pass hostname to ssl functions (#22921)	Benjamin Peterson	2014-11-23	1	-2/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Patch by Donald Stufft.
* \| \|	PEP 476: enable HTTPS certificate verification by default (#22417)	Benjamin Peterson	2014-11-03	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Patch by Alex Gaynor with some modifications by me.
* \| \|	Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2	Serhiy Storchaka	2014-11-02	1	-2/+6
\| \| \| \| \| \| \| \| \| \| \| \|	and above. Patch by Tim Graham.
* \| \|	Lax cookie parsing in http.cookies could be a security issue when combined	Antoine Pitrou	2014-09-16	1	-1/+2
\|\ \ \ \| \|/ / \| \| \| \| \| \| \| \| \| \| \| \|	with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
\| * \|	Lax cookie parsing in http.cookies could be a security issue when combined	Antoine Pitrou	2014-09-16	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
* \| \|	Issue #22165: SimpleHTTPRequestHandler now supports undecodable file names.	Serhiy Storchaka	2014-08-17	1	-4/+15
\| \| \|
* \| \|	Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value.	Serhiy Storchaka	2014-07-22	1	-2/+2
\| \| \|
* \| \|	Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,	Ned Deily	2014-07-13	1	-5/+5
\|\ \ \ \| \|/ / \| \| \| \| \| \|	broken by the fix for security issue #19435. Patch by Zach Byrne.
\| * \|	Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,	Ned Deily	2014-07-13	1	-5/+5
\| \|\ \ \| \| \|/ \| \| \| \| \| \|	broken by the fix for security issue #19435. Patch by Zach Byrne.
\| \| *	Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,	Ned Deily	2014-07-13	1	-5/+5
\| \| \| \| \| \| \| \| \| \| \| \|	broken by the fix for security issue #19435. Patch by Zach Byrne.
* \| \|	merge 3.3 (#21766)	Benjamin Peterson	2014-06-15	1	-1/+1
\|\ \ \ \| \|/ /
\| * \|	merge 3.2 (#21766)	Benjamin Peterson	2014-06-15	1	-1/+1
\| \|\ \ \| \| \|/
\| \| *	url unquote the path before checking if it refers to a CGI script (closes ↵	Benjamin Peterson	2014-06-15	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	#21766)
* \| \|	Issue #7776: Fix ``Host:'' header and reconnection when using ↵	Senthil Kumaran	2014-04-14	1	-24/+49
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	http.client.HTTPConnection.set_tunnel(). Patch by Nikolaus Rath.
* \| \|	Issue #20976: pyflakes: Remove unused imports	Victor Stinner	2014-03-20	2	-3/+0
\| \| \|
* \| \|	Issue #20331: Fixed possible FD leaks in various modules:	Serhiy Storchaka	2014-01-25	1	-9/+15
\|\ \ \ \| \|/ / \| \| \| \| \| \|	http.server, imghdr, mailcap, mimetypes, xml.etree.
\| * \|	Issue #20331: Fixed possible FD leaks in various modules:	Serhiy Storchaka	2014-01-25	1	-9/+15
\| \| \| \| \| \| \| \| \| \| \| \|	http.server, imghdr, mailcap, mimetypes, xml.etree.
* \| \|	merge 3.3 (#18574)	Benjamin Peterson	2014-01-19	1	-1/+1
\|\ \ \ \| \|/ /
\| * \|	fix handling of 100-continue status code (closes #18574)	Benjamin Peterson	2014-01-19	1	-1/+1
\| \| \|
* \| \|	Issue #19936: Added executable bits or shebang lines to Python scripts which	Serhiy Storchaka	2014-01-16	1	-3/+0
\|\ \ \ \| \|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang lines in the unittestgui and checkpip scripts.
\| * \|	Issue #19936: Added executable bits or shebang lines to Python scripts which	Serhiy Storchaka	2014-01-16	1	-3/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* \| \|	merge 3.3 (#20018)	Benjamin Peterson	2013-12-18	1	-1/+1
\|\ \ \ \| \|/ /