New submission from Mihai Ibanescu <mihai.ibane...@gmail.com>:
According to http://www.ietf.org/rfc/rfc2617.txt section 2, in basic
HTTP authentication the password can be any character (including newline).
urllib does the following:
_passwdprog = re.compile('^([^:]*):(.*)$')
That should be changed to:
_passwdprog = re.compile('^([^:]*):(.*)$', re.S)
otherwise newlines will not be caught by the second part of the regex,
and bad things are produced.
For a password with regular chars in it:
> python -c "import urllib; print urllib.splitpasswd('user:ab')"
('user', 'ab')
For a password with a newline:
> python -c "import urllib; print urllib.splitpasswd('user:a\nb')"
('user:a\nb', None)
The expected result should have been ('user', 'a\nb')
----------
components: Library (Lib)
messages: 77919
nosy: mibanescu
severity: normal
status: open
title: urllib's splitpasswd does not accept newline chars in passwords
type: behavior
versions: Python 2.6, Python 3.0
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue4675>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
