Message153528
| Author |
zulla |
| Recipients |
orsenthil, r.david.murray, zulla |
| Date |
2012年02月17日.02:18:53 |
| SpamBayes Score |
2.0876728e-06 |
| Marked as misclassified |
No |
| Message-id |
<1329445135.32.0.140118467683.issue14036@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
I understand your point of view, but I disagree.
Various libraries and projects rely on urlparse.urlparse and urllib.parse.urlparse.
This bug just blew up in my face. I'm working with Cython and PyQt4.
When a developer relies on ParseResult().netloc being a valid netloc, and .port being None [bool(False)] or a integer between 1-65535 really bad things can happen in a environment that has 0-tolerance for security issues (like C/C++ mixed in python).
I agree that the
if self.scheme == "http":
return 80
elif self.scheme == "https":
[...]
part of my patch is debetable, but we should _at least_ ensure that IF there is a ParseResult().port, the developer can be sure that it is a valid port between 1-65545.
i apologize for upload the whole file; i attached the diff now.
regards,
dan |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年02月17日 02:18:55 | zulla | set | recipients:
+ zulla, orsenthil, r.david.murray |
| 2012年02月17日 02:18:55 | zulla | set | messageid: <1329445135.32.0.140118467683.issue14036@psf.upfronthosting.co.za> |
| 2012年02月17日 02:18:54 | zulla | link | issue14036 messages |
| 2012年02月17日 02:18:54 | zulla | create |
|