cpython.git - https://github.com/python/cpython.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	[3.9] gh-105704: Disallow square brackets (`[` and `]`) in domain names for ↵	Miss Islington (bot)	2025-02-19	1	-1/+36
\| \| \| \| \| \| \| \| \|	parsed URLs (GH-129418) (#129530) (cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
*	[3.9] gh-103848: Adds checks to ensure that bracketed hosts found by ↵	Victor Stinner	2024-12-02	1	-0/+26
\| \| \| \| \| \| \| \|	urlsplit are of IPv6 or IPvFuture format (#103849) (#126976) Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit 29f348e232e82938ba2165843c448c2b291504c5) Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
*	[3.9] gh-67693: Fix urlunparse() and urlunsplit() for URIs with path ↵	Serhiy Storchaka	2024-09-05	1	-3/+67
\| \| \| \| \| \| \| \|	starting with multiple slashes and no authority (GH-113563) (#119027) (cherry picked from commit e237b25a4fa5626fcd1b1848aa03f725f892e40e) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
*	[3.9] gh-102153: Start stripping C0 control and space chars in `urlsplit` ↵	Miss Islington (bot)	2023-05-22	1	-1/+60
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	(GH-102508) (GH-104575) (GH-104592) (#104593) gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). I simplified the docs by eliding the state of the world explanatory paragraph in this security release only backport. (people will see that in the mainline /3/ docs) (cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10) (cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941) (cherry picked from commit f48a96a28012d28ae37a2f4587a780a5eb779946) Co-authored-by: Illia Volochii <illia.volochii@gmail.com> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
*	[3.9] bpo-43882 Remove the newline, and tab early. From query and fragments. ↵	Senthil Kumaran	2021-05-03	1	-8/+16
\| \| \| \| \|	(#25853) * Remove the newline, and tab early. From query and fragments.
*	[3.9] bpo-43882 - urllib.parse should sanitize urls containing ASCII newline ↵	Miss Islington (bot)	2021-04-29	1	-0/+29
\| \| \| \| \| \| \| \| \| \|	and tabs. (GH-25595) (GH-25725) * bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25595) Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 76cd81d60310d65d01f9d7b48a8985d8ab89c8b4) Co-authored-by: Senthil Kumaran <skumaran@gatech.edu>
*	bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (GH-24818)	Miss Islington (bot)	2021-04-11	1	-0/+4
\| \| \| \| \| \| \| \| \| \|	* coerce bytes separator to string * Add news * Update Misc/NEWS.d/next/Library/2021-03-11-00-31-41.bpo-42967.2PeQRw.rst (cherry picked from commit b38601d49675d90e1ee6faa47f7adaeca992d02d) Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
*	[3.9] bpo-42967: only use '&' as a query string separator (GH-24297) (#24528)	Senthil Kumaran	2021-02-15	1	-22/+46
\| \| \| \| \| \| \| \| \| \| \| \| \|	(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776) * [3.9] bpo-42967: only use '&' as a query string separator (GH-24297) bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
*	bpo-27657: Fix urlparse() with numeric paths (#661)	Tim Graham	2019-10-18	1	-4/+6
\| \| \| \| \| \| \| \| \| \|	* bpo-27657: Fix urlparse() with numeric paths Revert parsing decision from bpo-754016 in favor of the documented consensus in bpo-16932 of how to treat strings without a // to designate the netloc. * bpo-22891: Remove urlsplit() optimization for 'http' prefixed inputs.
*	bpo-36742: Corrects fix to handle decomposition in usernames (#13812)	Steve Dower	2019-06-04	1	-5/+6
\|
*	bpo-35397: Remove deprecation and document urllib.parse.unwrap (GH-11481)	Rémi Lapeyre	2019-05-27	1	-8/+4
\|
*	bpo-36742: Fixes handling of pre-normalization characters in urlsplit() ↵	Steve Dower	2019-04-30	1	-0/+6
\| \| \| \|	(GH-13017)
*	bpo-36216: Add check for characters in netloc that normalize to separators ↵	Steve Dower	2019-03-07	1	-0/+23
\| \| \| \|	(GH-12201)
*	bpo-35202: Remove unused imports in tests. (GH-10561)	Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)	2018-11-16	1	-1/+0
\|
*	bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)	matthewbelisle-wf	2018-10-19	1	-0/+7
\| \| \| \|	Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
*	bpo-27485: Change urlparse tests to use private methods. (GH-7070)	Cheryl Sabella	2018-06-03	1	-12/+12
\|
*	bpo-27485: Rename and deprecate undocumented functions in urllib.parse (GH-2205)	Cheryl Sabella	2018-04-25	1	-1/+87
\|
*	bpo-33034: Improve exception message when cast fails for ↵	Matt Eaton	2018-03-20	1	-0/+10
\| \| \| \|	{Parse,Split}Result.port (GH-6078)
*	bpo-32323: urllib.parse.urlsplit() must not lowercase() IPv6 scope value (#4867)	Коренберг Марк	2017-12-21	1	-0/+9
\|
*	urllib: Simplify splithost by calling into urlparse. (#1849)	postmasters	2017-06-20	1	-12/+39
\| \| \| \| \| \| \| \|	The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``.
*	correct parse_qs and parse_qsl test case descriptions. (#968)	Senthil Kumaran	2017-04-05	1	-6/+6
\| \| \|	* correct parse_qs and parse_qsl test case descriptions.
*	Issue #25895: Merge from 3.5	Berker Peksag	2016-09-16	1	-0/+2
\|\
\| *	Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoin	Berker Peksag	2016-09-16	1	-0/+2
\| \| \| \| \| \| \| \|	Patch by Gergely Imreh and Markus Holtermann.
* \|	merge 3.5	Senthil Kumaran	2016-04-16	1	-2/+53
\|\ \ \| \|/ \| \| \| \| \| \|	issue26775 - Improve test coverage for urllib.parse Patch contributed by Luiz Poleto.
\| *	issue26775 - Improve test coverage for urllib.parse	Senthil Kumaran	2016-04-16	1	-2/+53
\| \| \| \| \| \| \| \|	Patch contributed by Luiz Poleto.
* \|	Issue #20059: urllib.parse raises ValueError on all invalid ports.	Robert Collins	2015-08-09	1	-19/+17
\|/ \| \| \|	Patch by Martin Panter.
*	Issue #23684: Clarify the return value of the scheme attribute of ↵	Berker Peksag	2015-06-25	1	-0/+41
\|\ \| \| \| \| \| \| \| \| \| \|	ParseResult and SplitResult objects. Patch by Martin Panter.
\| *	Issue #23684: Clarify the return value of the scheme attribute of ↵	Berker Peksag	2015-06-25	1	-0/+41
\| \| \| \| \| \| \| \| \| \| \| \|	ParseResult and SplitResult objects. Patch by Martin Panter.
* \|	Issue #13866: add quote_via argument to urlencode.	R David Murray	2015-05-18	1	-0/+10
\| \| \| \| \| \| \| \| \| \|	Patch by samwyse, completed by Arnon Yaari, and reviewed by Martin Panter.
* \|	Issue #23703: Fix a regression in urljoin() introduced in 901e4e52b20a.	Berker Peksag	2015-04-15	1	-0/+3
\| \| \| \| \| \| \| \|	Patch by Demian Brecht.
* \|	Issue #23411: Added DefragResult, ParseResult, SplitResult, DefragResultBytes,	Serhiy Storchaka	2015-04-07	1	-0/+16
\| \| \| \| \| \| \| \| \| \|	ParseResultBytes, and SplitResultBytes to urllib.parse.__all__. Patch by Martin Panter.
* \|	Added more tests for urllib.parse utility functions.	Serhiy Storchaka	2015-03-02	1	-54/+129
\|\ \ \| \|/ \| \| \| \|	These functions are not documented but used in third-party code.
\| *	Added more tests for urllib.parse utility functions.	Serhiy Storchaka	2015-03-02	1	-54/+129
\| \| \| \| \| \| \| \|	These functions are not documented but used in third-party code.
* \|	Issue #22278: Fix urljoin problem with relative urls, a regression observed	Senthil Kumaran	2014-09-22	1	-0/+12
\| \| \| \| \| \| \| \| \| \| \| \|	after changes to issue22118 were submitted. Patch contributed by Demian Brecht and reviewed by Antoine Pitrou.
* \|	Issue #22118: Switch urllib.parse to use RFC 3986 semantics for the ↵	Antoine Pitrou	2014-08-21	1	-16/+24
\|/ \| \| \| \| \|	resolution of relative URLs, rather than RFCs 1808 and 2396. Patch by Demian Brecht.
*	Issue #20270: urllib.urlparse now supports empty ports.	Serhiy Storchaka	2014-01-18	1	-10/+28
\|\
\| *	Issue #20270: urllib.urlparse now supports empty ports.	Serhiy Storchaka	2014-01-18	1	-10/+28
\| \|
* \|	Issue #19936: Added executable bits or shebang lines to Python scripts which	Serhiy Storchaka	2014-01-16	1	-2/+0
\|\ \ \| \|/ \| \| \| \| \| \| \| \| \| \|	requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang lines in the unittestgui and checkpip scripts.
\| *	Issue #19936: Added executable bits or shebang lines to Python scripts which	Serhiy Storchaka	2014-01-16	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* \|	#17472: add tests for a couple of untested methods in urllib.urlparse.	R David Murray	2013-03-22	1	-0/+8
\|/ \| \| \|	Original patch by Daniel Wozniak.
*	Fix issue16713 - tel url parsing with params	Senthil Kumaran	2012-12-24	1	-0/+29
\|
*	Issue #14036: return None when port in urlparse cross 65535	Senthil Kumaran	2012-05-24	1	-0/+5
\|
*	#14072: Fix parsing of tel URIs in urlparse by making the check for ports ↵	Ezio Melotti	2012-05-19	1	-0/+7
\| \| \| \|	stricter.
*	Issue9374 - Generic parsing of query and fragment portion of urls for any scheme	Senthil Kumaran	2012-05-19	1	-0/+9
\|
*	Merge from 3.1: Issue #13703: add a way to randomize the hash values of ↵	Georg Brandl	2012-02-20	1	-1/+2
\|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	basic types (str, bytes, datetime) in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
* \|	Remove duplication.	Ezio Melotti	2011-10-19	1	-1/+1
\| \|
* \|	change the redundant svn scheme urljoin test case to svn+ssh scheme.	Senthil Kumaran	2011-08-03	1	-1/+1
\| \|
* \|	Fix closes issue12683 - urljoin to work with relative join of svn scheme.	Senthil Kumaran	2011-08-03	1	-0/+2
\| \|
* \|	Fix closes issue12581 - Increase the urllib.parse test coverage. Patch by ↵	Senthil Kumaran	2011-07-23	1	-2/+76
\| \| \| \| \| \| \| \|	Petter Haggholm.
* \|	merge from 3.1	Senthil Kumaran	2011-04-15	1	-0/+5
\|\ \ \| \|/