[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Philipp Hagemeister added the comment: Update testcase, and call split before splitdrive -- Added file: http://bugs.python.org/file42319/fix-path-traversal-26657.patch ___ Python tracker

[issue25431] implement address in network in ipaddress module

Aleksandr Balezin added the comment: Any news? -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue26659] slice() leaks memory when part of a cycle

New submission from Kevin Modzelewski: The slice type doesn't participate in GC, which means that if you happen to create a cycle involving a slice, that cycle will never get freed. Here's an example: def f(): l = [] l.append(slice(l)) # Will consume memory without bound: while True:

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Philipp Hagemeister added the comment: Please find attached a patch which adds a testcase for Windows (on all platforms) as well as code to fix the problem. Since os.path.split returns everything after the final slash/backslash, it only needs to be called once. Note that the usage of

[issue26654] asyncio is not inspecting keyword arguments of functools.partial

Guido van Rossum added the comment: Oh, wow. I didn't even know we special-case partial() there. In general we tend to focus more on positional arguments (since asyncio intentionally doesn't take keyword args for callbacks) but I see no reason why we couldn't add this here. Maybe you're

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Martin Panter added the comment: Thomas: can you point to the “warning that those modules are not secure in the module docs”? All I can see is a warning in the pydoc output for http.server.__doc__, but that is specifically about the CGI server. The specific bug with allowing c:c:c:.. looks

[issue26660] tempfile.TemporaryDirectory() cleanup exception on Windows if readonly files created

New submission from Laurent Mazuel: Using tempfile.TemporaryDirectory() in Windows, creating read-only files in this temp directory leads to PermissionError during the cleanup(). This is a direct cause of this one: https://bugs.python.org/issue19643 And the workaround which was proposed in the

[issue23551] IDLE to provide menu link to PIP gui.

Eric Khoo Jiun Hooi added the comment: Is there any other uses of the ensurepip script? -- ___ Python tracker ___

[issue23551] IDLE to provide menu link to PIP gui.

Eric Khoo Jiun Hooi added the comment: >From what I know after reading the ensurepip script, the ensurepip script is >checking whether the pip and it requirement tools are installed right like >get_pip.py that was mention https://pip.pypa.io/en/stable/installing/ ? So, we >have to put it

[issue26653] bisect raises a TypeError when hi is None

Raymond Hettinger added the comment: Sorry, I don't think that is a good idea. The use of None as a placeholder for optional arguments is legitimate and well enshrined in Python history. The code is bisect is very old, stable, and battle-tested. There isn't a real bug here, nothing is

[issue26633] multiprocessing behavior combining daemon with non-daemon children inconsistent with threading

Changes by Davin Potts : -- nosy: +davin ___ Python tracker ___ ___

[issue26659] slice() leaks memory when part of a cycle

Demur Rumed added the comment: Implementing tp_traverse & tp_clear seems to runs into complications due to slice_cache -- nosy: +Demur Rumed ___ Python tracker

[issue26632] __all__ decorator

Raymond Hettinger added the comment: [Barry] > This is probably terrible ... I have to agree with that part ;-) Sorry, but this feels "yucky" and is likely to cause more problems than it solves. -- nosy: +rhettinger ___ Python tracker

[issue26488] hashlib command line interface

Changes by SilentGhost : -- dependencies: +argparse.FileType for '-' doesn't work for a mode of 'rb' nosy: +SilentGhost ___ Python tracker

[issue15859] PyUnicode_EncodeFSDefault win32 inconsistancy.

Berker Peksag added the comment: shanzhengcheng: Please don't update closed issues. gns3-1.4.5 is not part of the Python standard library. You'll get better support by using the gns3 support channels. If you still think that this is a bug in Python, please file a new issue by using the form

[issue19959] argparse.FileType does not expand tilde "~"

Julian Berman added the comment: My support (or really, asking for a more generic callable) was to enable other use cases, not this one specifically -- e.g., allowing for constructing a pathlib Path or a twisted.python.filepath.FilePath without needing to write one's own argparse action. For

[issue15859] PyUnicode_EncodeFSDefault win32 inconsistancy.

Changes by Berker Peksag : -- nosy: -paul.moore, steve.dower, tim.golden, zach.ware ___ Python tracker ___

[issue26655] pathlib glob case sensitivity issue on Windows

New submission from Udo Eberhardt: On Windows Path.glob does not always return the file name with correct case. If the current directory contains a file named MixedCase.txt then the following script: import pathlib p = pathlib.Path('.') print(list(p.glob('*.txt')))

[issue26632] __all__ decorator

Barry A. Warsaw added the comment: On Mar 28, 2016, at 06:34 AM, Raymond Hettinger wrote: >I have to agree with that part ;-) Sorry, but this feels "yucky" and is >likely to cause more problems than it solves. I've been experimenting with something like this in a Mailman branch and I've come

[issue25314] Documentation: argparse's actions store_{true, false} default to False/True (undocumented)

Roundup Robot added the comment: New changeset 566fe3564684 by Raymond Hettinger in branch '3.5': Issue #25314: store_true and store_false also create appropriate defaults. https://hg.python.org/cpython/rev/566fe3564684 New changeset 9fdeca5fdbf0 by Martin Panter in branch 'default': Issue

[issue26651] Deprecate register_adapter() and register_converter() in sqlite3

Raymond Hettinger added the comment: A few thoughts: 1) Deprecation messages should say "do X instead" rather than leaving users stranded. 2) As long as most of our users are still with Python 2.7 we need to avoid deprecations that present obstacles to Python 3 adoption or that increase

[issue23804] SSLSocket.recv(0) receives up to 1024 bytes

Changes by Martin Panter : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: +Python 3.6 -Python 3.4 ___ Python tracker

[issue26488] hashlib command line interface

Aviv Palivoda added the comment: I actually have noticed issue 13824 while working on this issue. The patch I uploaded to Issue 14156 actually fixes the problem in issue 13824 in addition to the problem with the stdin/stdout. I think we should add a dependency in issue 14156 for this issue.

[issue26632] __all__ decorator

Serhiy Storchaka added the comment: Agree with Raymond. -- nosy: +serhiy.storchaka ___ Python tracker ___ ___

[issue26653] bisect raises a TypeError when hi is None

Raymond Hettinger added the comment: The pure python code used None as a placeholder for an optional argument. It is not an intended input value. The documented signature is: bisect.bisect_left(a, x, lo=0, hi=len(a)). -- priority: normal -> low

[issue26654] asyncio is not inspecting keyword arguments of functools.partial

New submission from iceboy: import asyncio import functools def foo(x): raise Exception() loop = asyncio.get_event_loop() loop.call_soon(functools.partial(foo, x=1)) loop.run_forever() Current error message: Exception in callback foo()() at ...:4 Expected error message: Exception in

[issue26653] bisect raises a TypeError when hi is None

Changes by Raymond Hettinger : -- assignee: -> rhettinger ___ Python tracker ___

[issue25314] Documentation: argparse's actions store_{true, false} default to False/True (undocumented)

Martin Panter added the comment: For the record, porting the change was rather easy (hg graft + tweak + hg commit --amend). With that applied, I think it eliminates the need for the store_true/false half of Julien’s patch. Is the store_const half of Julien’s patch ready to commit? --

[issue26652] Cannot install Python 2.7.11 on Windows Server 2008 R2

Changes by SilentGhost : -- components: +Windows nosy: +paul.moore, steve.dower, tim.golden, zach.ware ___ Python tracker ___

[issue26656] Documentation for re.compile is a bit outdated

New submission from Sworddragon: The documentation for re.compile says "Compile a regular expression pattern into a regular expression object, which can be used for matching using its match() and search() methods, described below." which implies that match() and search() are the only methods

[issue26632] __all__ decorator

Serhiy Storchaka added the comment: There is a helper in test.support that helps to add a test for __all__, and we slowly add these test for all modules. So this is not large issue for the stdlib. New module level names are added not very often. Keeping __all__ in sync is not the largest

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

New submission from Thomas: SimpleHTTPServer and http.server allow directory traversal on Windows. To exploit this vulnerability, replace all ".." in URLs with "c:c:c:..". Example: Run python -m http.server and visit 127.0.0.1:8000/c:c:c:../secret_file_that_should_be_secret_but_is_not.txt

[issue10740] sqlite3 module breaks transactions and potentially corrupts data

Berker Peksag added the comment: Here is a patch. It contains the following commits: * https://github.com/ghaering/pysqlite/commit/f254c534948c41c0ceb8cbabf0d4a2f547754739 * https://github.com/ghaering/pysqlite/commit/796b3afe38cfdac5d7d5ec260826b0a596554631 *

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Changes by SilentGhost : -- components: +Windows nosy: +martin.panter, paul.moore, steve.dower, tim.golden, zach.ware versions: +Python 3.5 ___ Python tracker

[issue26655] pathlib glob case sensitivity issue on Windows

Serhiy Storchaka added the comment: The problem is that there is no way to just read a file name exactly as it is spelled in the file system. Iterating all names in the directory and finding the one that match specified name ignoring case is not such effective as checking that specified file

[issue26653] bisect raises a TypeError when hi is None

Serhiy Storchaka added the comment: May be change the placeholder? For example to sys.maxsize, float('inf') or ['len(a)']. -- nosy: +serhiy.storchaka ___ Python tracker

[issue26658] test_os fails when run on Windows ramdisk

New submission from Jeremy Kloth: The Win32JunctionTests class fails when the test suite is run on an ImDisk[1]_ virtual disk. The junctions are created successfully, however os.stat() fails on them (winerror 123). os.lstat() does succeed. I'm inclined to believe that this is a bug in the

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Changes by Xiang Zhang : -- nosy: +xiang.zhang ___ Python tracker ___ ___ Python-bugs-list

[issue23551] IDLE to provide menu link to PIP gui.

Terry J. Reedy added the comment: Sunday morning I posted "Adding a Pip GUI to IDLE and idlelib (GSOC project)" to the pydev list requesting that any objections to the current plan be raised and resolved soon, before final acceptance of a student proposal and official initiation of work on

[issue26658] test_os fails when run on Windows ramdisk

STINNER Victor added the comment: Maybe the junction must not include Lib/ but only temporary directories? I didn't read the tedt yet. -- ___ Python tracker