[issue20271] urllib.parse.urlparse() accepts wrong URLs

2022-01-17 Thread STINNER Victor
Change by STINNER Victor : -- nosy: -vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2022-01-16 Thread Irit Katriel
Change by Irit Katriel : -- versions: +Python 3.10, Python 3.11, Python 3.9 -Python 3.5, Python 3.6, Python 3.7, Python 3.8 ___ Python tracker ___

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2019-10-24 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment: With Victor's PR 16780, "http://[::1]spam:80; would raise a ValueError. ValueError: Invalid network location: '[::1]spam:80' -- ___ Python tracker

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2019-03-27 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment: See also issue36338 for a possible security issue for host of value "benign.com[attacker.com]" (spam[::1] format) where attacker.com is parsed as the host name assuming presence of [ and ] to be a IPV6 address without validation of the value

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-22 Thread Martin Panter
Martin Panter added the comment: To me, the only difference between urlsplit() and urlparse() is that urlsplit() does not treat parameters following a semicolon specially. The documentation tends to agree with this view. So whatever exceptions are raised by urlparse() should also be raised by

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-06 Thread Demian Brecht
Demian Brecht added the comment: splitport() shouldn't handle auth, it should be called after auth is dropped with splituser(). Why shouldn't splitport() handle auth? Are you suggesting that in the eyes of splitport() that user:password@host:port should be invalid?

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-06 Thread Demian Brecht
Demian Brecht added the comment: I think some further consideration around this change is worthwhile: Currently, urllib.parse.split* methods seem to do inconsistent validation around the data they're splitting. For example: (None for an invalid port) parse.splitnport('example.com:foo')

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-06 Thread Demian Brecht
Changes by Demian Brecht demianbre...@gmail.com: -- stage: needs patch - patch review ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20271 ___ ___

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-03 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: With optimizations in issue23563 and weaken IPv6 check the implementation of urlsplit() can be faster. $ ./python -m timeit -s from urllib.parse import urlparse, clear_cache -- urlparse('http://python.org:80'); clear_cache() 1 loops, best of 3: 86.3

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-01 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: splitport() shouldn't handle auth, it should be called after auth is dropped with splituser(). The patch makes URL parsing slower, especially URLs with IPv6 addresses. $ ./python -m timeit -s from urllib.parse import urlparse, clear_cache --

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2015-03-01 Thread Martin Panter
Martin Panter added the comment: I suspect the proposed patch here would make some of the special error handling for the “port” property redundant, and would compete with my patch for Issue 20059, which raises ValueError in more cases when “port” is accessed, rather than returning None.

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-03-07 Thread STINNER Victor
STINNER Victor added the comment: Oh, by the way my patch fixes also #18191. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20271 ___ ___

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-03-07 Thread STINNER Victor
STINNER Victor added the comment: Here is a patch for Python 3.5 which breaks backward compatibility: urlparse functions now raise a ValueError if the IPv6 address, port or host is invalid. Examples of invalid URLs: - HTTP://WWW.PYTHON.ORG:65536/doc/#frag: 65536 is invalid -

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-03-07 Thread STINNER Victor
STINNER Victor added the comment: My patch urlparse.patch may be modified to fix also #18191 in Python 2.7, 3.3 and 3.4: splitport() should handle IPv6 ([::1]:80) and auth (user:passowrd@host) but not raises an exception. -- ___ Python tracker

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-01-31 Thread Yury Selivanov
Yury Selivanov added the comment: I think we should start raising an exception in 3.5 (backwards incompatible change to back-port it) -- nosy: +yselivanov versions: +Python 3.5 -Python 2.7, Python 3.3, Python 3.4 ___ Python tracker

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-01-21 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: What should be correct behavior? Raise an exception, return '[::1]spam' as hostname, or left all as is? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20271

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-01-15 Thread Serhiy Storchaka
New submission from Serhiy Storchaka: import urllib.parse p = urllib.parse.urlparse('http://[::1]spam:80') p ParseResult(scheme='http', netloc='[::1]spam:80', path='', params='', query='', fragment='') p.hostname '::1' p.port 80 'http://[::1]spam:80' is invalid URL, but

[issue20271] urllib.parse.urlparse() accepts wrong URLs

2014-01-15 Thread Serhiy Storchaka
Changes by Serhiy Storchaka storch...@gmail.com: -- dependencies: +urllib.parse doesn't work with empty port ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20271 ___