[Python-checkins] cpython (3.2): Issue #12541: Be lenient with quotes around Realm field of HTTP Basic
senthil.kumaran
python-checkins at python.org
Tue May 15 16:42:27 CEST 2012
http://hg.python.org/cpython/rev/bb94fec5c5ab
changeset: 76953:bb94fec5c5ab
branch: 3.2
parent: 76938:b1e03e863386
user: Senthil Kumaran <senthil at uthcode.com>
date: Tue May 15 22:30:25 2012 +0800
summary:
Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2.
G: changed Misc/NEWS
files:
Lib/test/test_urllib2.py | 15 +++++++++++++++
Lib/urllib/request.py | 2 +-
Misc/NEWS | 3 +++
3 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@@ -1218,6 +1218,21 @@
def test_basic_auth_with_single_quoted_realm(self):
self.test_basic_auth(quote_char="'")
+ def test_basic_auth_with_unquoted_realm(self):
+ opener = OpenerDirector()
+ password_manager = MockPasswordManager()
+ auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
+ realm = "ACME Widget Store"
+ http_handler = MockHTTPHandler(
+ 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
+ opener.add_handler(auth_handler)
+ opener.add_handler(http_handler)
+ self._test_basic_auth(opener, auth_handler, "Authorization",
+ realm, http_handler, password_manager,
+ "http://acme.example.com/protected",
+ "http://acme.example.com/protected",
+ )
+
def test_proxy_basic_auth(self):
opener = OpenerDirector()
ph = urllib.request.ProxyHandler(dict(http="proxy.example.com:3128"))
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -794,7 +794,7 @@
# allow for double- and single-quoted realm values
# (single quotes are a violation of the RFC, but appear in the wild)
rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
- 'realm=(["\'])(.*?)\\2', re.I)
+ 'realm=(["\']?)([^"\']*)\\2', re.I)
# XXX could pre-emptively send auth info already accepted (RFC 2617,
# end of section 2, and section 1.2 immediately after "credentials"
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -63,6 +63,9 @@
Library
-------
+- Issue #12541: Be lenient with quotes around Realm field of HTTP Basic
+ Authentation in urllib2.
+
- Issue #14662: Prevent shutil failures on OS X when destination does not
support chflag operations. Patch by Hynek Schlawack.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list