Home Original page

Message 153528 - Python tracker

Message153528

Author zulla
Recipients orsenthil, r.david.murray, zulla
Date 2012-02-17.02:18:53
SpamBayes Score 2.0876728e-06
Marked as misclassified No
Message-id <1329445135.32.0.140118467683.issue14036@psf.upfronthosting.co.za>
In-reply-to
Content 
I understand your point of view, but I disagree.

Various libraries and projects rely on urlparse.urlparse and urllib.parse.urlparse.

This bug just blew up in my face. I'm working with Cython and PyQt4.

When a developer relies on ParseResult().netloc being a valid netloc, and .port being None [bool(False)] or a integer between 1-65535 really bad things can happen in a environment that has 0-tolerance for security issues (like C/C++ mixed in python).

I agree that the 

if self.scheme == "http":
    return 80
elif self.scheme == "https":
    [...]

part of my patch is debetable, but we should _at least_ ensure that IF there is a ParseResult().port, the developer can be sure that it is a valid port between 1-65545.

i apologize for upload the whole file; i attached the diff now.

regards,
dan
History
Date User Action Args
2012-02-17 02:18:55zullasetrecipients: + zulla, orsenthil, r.david.murray
2012-02-17 02:18:55zullasetmessageid: <1329445135.32.0.140118467683.issue14036@psf.upfronthosting.co.za>
2012-02-17 02:18:54zullalinkissue14036 messages
2012-02-17 02:18:54zullacreate