| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-42967: only use '&' as a query string separator (#24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in
urllib.parse.parse_qsl().
urllib.parse will only us "&" as query string separator by default
instead of both ";" and "&" as allowed in earlier versions. An optional
argument seperator with default value "&" is added to specify the
separator.
Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>
(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
* [3.8] bpo-42967: only use '&' as a query string separator (GH-24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().
urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator.
Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>.
(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
* Update correct version information.
* fix docs and make logic clearer
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
Co-authored-by: Fidget-Spinner <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
| |
urllib.parse.unquote (GH-22746)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-18525)
This reverts commit 0f3187c1ce3b3ace60f6c1691dfa3d4e744f0384.
The change broke the backwards compatibility of parsing behavior in a
patch release of Python (3.8.1). A decision was taken to revert this
patch in 3.8.2.
In https://bugs.python.org/issue27657 it was decided that the previous
behavior like
>>> urlparse('localhost:8080')
ParseResult(scheme='', netloc='', path='localhost:8080', params='', query='', fragment='')
>>> urlparse('undefined:8080')
ParseResult(scheme='', netloc='', path='undefined:8080', params='', query='', fragment='')
needs to be preserved in patch releases as number of users rely upon it.
Explicitly mention the releases involved with the revert in NEWS.
Adopt the wording suggested by @ned-deily.
|
| |
|
|
|
|
| |
Ignore leading dots and no longer ignore a trailing newline.
(cherry picked from commit 6a265f0d0c0a4b3b8fecf4275d49187a384167f4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* bpo-27657: Fix urlparse() with numeric paths
Revert parsing decision from bpo-754016 in favor of the documented
consensus in bpo-16932 of how to treat strings without a // to
designate the netloc.
* bpo-22891: Remove urlsplit() optimization for 'http' prefixed inputs.
(cherry picked from commit 5a88d50ff013a64fbdb25b877c87644a9034c969)
Co-authored-by: Tim Graham <timograham@gmail.com>
|
| | |
|
| | |
|
| |
|
|
| |
(GH-13017)
|
| |
|
|
|
|
| |
Fixes some mistakes and misleadings in the quote function docstring:
- reserved chars are never actually used by quote code, unreserved chars are
- reserved chars were wrong and incomplete
- mentioned that use-case is not minimal quoting wrt. RFC, but cautious quoting
|
| |
|
|
| |
(GH-12201)
|
| |
|
|
| |
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
|
| | |
|
| |
|
|
| |
{Parse,Split}Result.port (GH-6078)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The current regex based splitting produces a wrong result. For example::
http://abc#@def
Web browsers parse that URL as ``http://abc/#@def``, that is, the host
is ``abc``, the path is ``/``, and the fragment is ``#@def``.
|
| | |
|
| |
|
| |
* correct parse_qs and parse_qsl test case descriptions.
|
| |
|
|
|
|
|
|
|
|
| |
* bpo-16285: Update urllib quoting to RFC 3986
urllib.parse.quote is now based on RFC 3986, and hence
includes `'~'` in the set of characters that is not escaped
by default.
Patch by Christian Theune and Ratnadeep Debnath.
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Patch by Gergely Imreh and Markus Holtermann.
|
| |\ \
| |/
| |
| | |
Remove unnecessary test case comment in urllib.parse.py. These are asserted as test cases.
|
| | |
| |
| |
| | |
as test cases.
|
| | |
| |
| |
| | |
Patch contributed by Swati Jaiswal.
|
| |/
|
|
| |
Patch by Martin Panter.
|
| |
|
|
|
| |
Patch by samwyse, completed by Arnon Yaari, and reviewed by
Martin Panter.
|
| |
|
|
| |
Patch by Demian Brecht.
|
| |
|
|
|
| |
ParseResultBytes, and SplitResultBytes to urllib.parse.__all__.
Patch by Martin Panter.
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Patch by Wojtek Ruszczewski.
|
| | |
| |
| |
| |
| |
| | |
after changes to issue22118 were submitted.
Patch contributed by Demian Brecht and reviewed by Antoine Pitrou.
|
| | |
| |
| |
| |
| |
| | |
resolution of relative URLs, rather than RFCs 1808 and 2396.
Patch by Demian Brecht.
|
| |/
|
|
| |
class name instead of hardcoded one.
|
| |
|
|
|
|
| |
base32, ascii85 and base85 codecs in the base64 module, and delay the
initialization of the unquote_to_bytes() table of the urllib.parse module, to
not waste memory if these modules are not used.
|
| |\ |
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
Improve urlencode docstring. Patch by Brian Brazil.
Closes issue #15350
|
| | | |
|
| |/ |
|
| |
|
|
| |
urllib.parse.unquote() and urllib.parse.unquote_to_bytes().
|
| | |
|
| |
|
|
| |
backward compatibility issue, since they have a public-seeming name.
|
| | |
|
| |
|
|
| |
have ascii in help msg
|
| | |
|
| |
|
|
| |
stricter.
|
| | |
|
| | |
|
