summaryrefslogtreecommitdiffstats
path: root/Lib/httplib.py
Commit message (Collapse)AuthorAgeFilesLines
* [2.7] closes bpo-38576: Disallow control characters in hostnames in ↵Matěj Cepl2020-03-191-0/+13
| | | | | | | | | http.client. (GH-19052) Add host validation for control characters for more CVE-2019-18348 protection. (cherry picked from commit 83fc70159b24) Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
* [2.7] bpo-38216, bpo-36274: Allow subclasses to separately override ↵Jason R. Coombs2019-10-081-11/+22
| | | | | | | | | | | | | validation and encoding behavior (GH-16476) Backporting this change, I observe a couple of things: 1. The _encode_request call is no longer meaningful because the request construction will implicitly encode the request using the default encoding when the format string is used (request = '%s %s %s'...). In order to keep the code as consistent as possible, I decided to include the call as a pass-through. I'd be just as happy to remove it entirely, but I'll leave that up to the reviewer to decide. It's okay that this functionality is disabled on Python 2 because this functionality was mainly around bpo-36274, which was mainly a concern with the transition to Python 3. 2. Because _encode_request is no longer meaningful, neither is the test for it, so I've removed that test. Therefore, the meaningful part of this test is that for bpo-38216, adding a (underscore-protected) hook to customize/disable validation. (cherry picked from commit 7774d7831e8809795c64ce27f7df52674581d298) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-30458: Disallow control chars in http URLs (GH-12755) (GH-13154) (GH-13315)Victor Stinner2019-05-211-0/+16
| | | | | | | | | | | | | | | | | | | | | | | Disallow control chars in http URLs in urllib2.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use httplib.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz> (cherry picked from commit 7e200e0763f5b71c199aaf98bd5588f291585619) Notes on backport to Python 2.7: * test_urllib tests urllib.urlopen() which quotes the URL and so is not vulerable to HTTP Header Injection. * Add tests to test_urllib2 on urllib2.urlopen(). * Reject non-ASCII characters: range 0x80-0xff.
* [2.7] closes bpo-8450: a better error message when http status line isn't ↵Shoham Peller2018-09-141-1/+1
| | | | | | | | | | | received (GH-2825) When the server has closed the connection before sending a status-line, the client's error message should have a more descriptive error message https://bugs.python.org/issue8450 https://bugs.python.org/issue8450
* Issue #24363: Continue parsing HTTP header in spite of invalid linesMartin Panter2016-09-161-24/+9
|
* Issue #27895: Spelling fixes (Contributed by Ville Skyttä).Martin Panter2016-09-071-1/+1
|
* Issue #17849: Raise sensible exception for invalid HTTP tunnel responseMartin Panter2015-09-071-0/+5
| | | | Initial patch from Cory Benfield.
* Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The portSerhiy Storchaka2015-05-281-4/+3
| | | | value in the host header was set to "None". Patch by Demian Brecht.
* Issue #15267: HTTPConnection.request() now is compatibile with old-styleSerhiy Storchaka2015-05-161-1/+1
| | | | classes (such as TemporaryFile). Original patch by Atsuo Ishimoto.
* Issue #23865: close() methods in multiple modules now are idempotent and moreSerhiy Storchaka2015-04-101-8/+13
| | | | | robust at shutdown. If needs to release multiple resources, they are released even if errors are occured.
* #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.R David Murray2015-03-221-13/+23
| | | | | | | Some http servers will reject PUT, POST, and PATCH requests if they do not have a Content-Length header. Patch by James Rutherford.
* Issue #22928: Disabled HTTP header injections in httplib.Serhiy Storchaka2015-03-121-1/+39
| | | | Original patch by Demian Brecht.
* simply ignore headers with no name (#19996)Benjamin Peterson2015-01-261-0/+5
| | | | Patch by Cory Benfield.
* Fix Issue23300 : httplib.HTTP classe's connect method should use _get_hostportSenthil Kumaran2015-01-241-2/+2
| | | | | instead of (non-existing) _set_hostport. (Fix the regression introduced in 568041fd8090 )
* merge 2.7.9 release branchBenjamin Peterson2014-12-071-15/+1
|\
| * remove HTTPSConnection's check_hostname parameter (#22959)Benjamin Peterson2014-12-071-15/+1
| |
* | Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails.Serhiy Storchaka2014-12-011-10/+14
|/ | | | Original patch by Martin Panter.
* pep 476: verify certificates by default (#22417)Benjamin Peterson2014-11-241-1/+1
|
* give urllib.urlopen a context parameter (closes #22927)Benjamin Peterson2014-11-241-2/+3
|
* allow hostname to be passed to SSLContext even if OpenSSL doesn't support ↵Benjamin Peterson2014-11-241-2/+1
| | | | | | SNI (closes #22921) Patch from Donald Stufft.
* allow passing cert/ssl information to urllib2.urlopen and ↵Benjamin Peterson2014-11-231-6/+29
| | | | | | httplib.HTTPSConnection This is basically a backport of issues #9003 and #22366.
* Issue #16037: HTTPMessage.readheaders() raises an HTTPException when moreBerker Peksag2014-08-051-0/+6
| | | | | | than 100 headers are read. Patch by Jyrki Pulliainen and Daniel Eriksson.
* Backport Fix for Issue #7776: Fix ``Host:'' header and reconnection when ↵Senthil Kumaran2014-05-171-16/+38
| | | | | | using http.client.HTTPConnection.set_tunnel(). Patch by Nikolaus Rath.
* Issue #20007: HTTPResponse.read(0) no more prematurely closes connection.Serhiy Storchaka2013-12-171-1/+1
| | | | Original patch by Simon Sapin.
* Issue #15633: httplib.HTTPResponse is now mark closed when the server sends ↵Antoine Pitrou2013-02-021-4/+9
| | | | less than the advertised Content-Length.
* Issue #16714: use 'raise' exceptions, don't 'throw'.Andrew Svetlov2012-12-181-1/+1
| | | | Patch by Serhiy Storchaka.
* Issue #16298: In HTTPResponse.read(), close the socket when there is no ↵Antoine Pitrou2012-12-151-0/+4
| | | | | | Content-Length and the incoming stream is finished. Patch by Eran Rundstein.
* Issue #16037: Limit httplib's _read_status() function to work around brokenChristian Heimes2012-09-251-1/+3
| | | | | HTTP servers and reduce memory usage. It's actually a backport of a Python 3.2 fix. Thanks to Adrien Kunysz.
* Fix Issue14721: Send Content-length: 0 for empty body () in the http.requestSenthil Kumaran2012-05-191-1/+1
|
* Fix for Issue13684 - httplib tunnel infinite loopSenthil Kumaran2012-04-231-1/+5
|
* Use raw strings for docstrings with backslashes in ASCII diagramsÉric Araujo2012-02-261-1/+1
|
* Fixes #10860: Handle empty port after port delimiter in httplibŁukasz Langa2011-10-181-1/+4
| | | | | | Thanks, Shawn Ligocki! 3.x version will come as a separate patch.
* Issue13073 - Address review comments and add versionchanged information in ↵Senthil Kumaran2011-10-051-3/+3
| | | | the docs.
* Remove the un-exercised in-module test code.Senthil Kumaran2011-08-101-68/+0
|
* #11515: fix several typos. Patch by Piotr Kasprzyk.Ezio Melotti2011-03-151-1/+1
|
* Merged revisions 87373,87381 via svnmerge fromAntoine Pitrou2010-12-181-5/+24
| | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k BaseHTTPServer isn't fixed, this would require too much refactoring. ........ r87373 | senthil.kumaran | 2010-12-18 17:55:23 +0100 (sam., 18 déc. 2010) | 3 lines Fix Issue6791 - Limit the HTTP header readline with _MAXLENGTH. Patch by Antoine Pitrou ........ r87381 | antoine.pitrou | 2010-12-18 18:59:18 +0100 (sam., 18 déc. 2010) | 3 lines NEWS entry for r87373 ........
* Merged revisions 86450 via svnmerge fromSenthil Kumaran2010-11-141-0/+3
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r86450 | senthil.kumaran | 2010-11-13 20:27:49 +0800 (Sat, 13 Nov 2010) | 3 lines Fix Issue5111 - Wrap the Ipv6 host with [] in the Host header ........
* Merged revisions 85205 via svnmerge fromSenthil Kumaran2010-10-031-1/+1
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r85205 | senthil.kumaran | 2010-10-03 23:52:42 +0530 (Sun, 03 Oct 2010) | 3 lines Fix Issue10012 - httplib headers, which are (sometimes mistakenly) int are explicitly cast to str (bytes - in py3k). ........
* Merged revisions 85169 via svnmerge fromSenthil Kumaran2010-10-021-13/+13
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r85169 | senthil.kumaran | 2010-10-02 16:03:13 +0530 (Sat, 02 Oct 2010) | 3 lines Use proper variable name 'data' instead of 'str' in the send method. ........
* Fix Issue1327971: HTTPResponse should expose a proper fileno attributeSenthil Kumaran2010-09-211-0/+3
|
* Forward port r70643 (#5542) + part of r83120 (just remove the comment)Victor Stinner2010-07-241-30/+12
| | | | | | | | Remove special logic that closes HTTPConnection socket on EPIPE. If the socket is closed, the client has no chance to read the response from the server. EPIPE means that it isn't possible to write more data from the socket, but not that it is impossible to read.
* Fix issue6312 - close the resp object for HEAD response.Senthil Kumaran2010-06-041-0/+1
|
* Fixed Issue6312 - httplib fails with HEAD requests to pages with ↵Senthil Kumaran2010-04-281-0/+3
| | | | "transfer-encoding: chunked"
* Issue #7427: improve the representation of httplib.BadStatusLine exceptions.Dirkjan Ochtman2010-02-241-0/+2
|
* issue3972: HTTPConnection and HTTPSConnection now support aGregory P. Smith2010-01-031-5/+9
| | | | | | source_address parameter. Also cleans up an annotation in the socket documentation.
* Fix for issue 7291 - urllib2 cannot handle https with proxy requiring authSenthil Kumaran2009-12-201-3/+15
| | | | Refactored HTTPHandler tests and added testcase for proxy authorization.
* Fix py3k warnings in httplibAntoine Pitrou2009-10-141-4/+4
|
* Issue #6790: Make it possible again to pass an `array.array` toAntoine Pitrou2009-09-291-1/+2
| | | | `httplib.HTTPConnection.send`. Patch by Kirk McDonald.
* Fixes issue #6838: use a list to accumulate the value instead of repeatedly ↵Chris Withers2009-09-041-12/+9
| | | | concatenating strings.
* comment typo fixGregory P. Smith2009-08-201-1/+1
|
generated by cgit v0.12 at 2025-08-27 18:46:40 (GMT)