[issue29606] urllib FTP protocol stream injection
Martin Panter
report at bugs.python.org
Fri Apr 28 22:08:43 EDT 2017
Martin Panter added the comment:
I understand this bug (as reported by ECBFTW) is about Python injecting unexpected FTP commands when the “urllib” and “urllib2” modules are used. The “httplib” module (“http.client” in Python 3) is unaffected. I only mentioned HTTP as an example of a similar fix made recently; sorry if that was confusing.
To be clear, in Python 2 I think both the “urllib” _and_ “urllib2” modules are affected, as well as “ftplib” directly. In Python 3, “urllib.request” and “ftplib” are affected. But I don’t think “urlparse” and “urllib.parse” should be changed.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29606>
_______________________________________
More information about the Python-bugs-list
mailing list