Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 2b7e04d61274af03426975fe824ed83eca35b035
commit2b7e04d61274af03426975fe824ed83eca35b035[log] [tgz]
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>Fri Feb 25 03:57:30 2022 -0800
committerGitHub <noreply@github.com>Fri Feb 25 03:57:30 2022 -0800
tree8497c04c372d92b643d77ea0158f3c3eb65abd47
parent632a8121d4d577541c3fddffc986bcb8d8d545b6 [diff]
bpo-46756: Fix authorization check in urllib.request (GH-31353)


Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI "example.org/foobar"
was allowed if the user was authorized for URI "example.org/foo".
(cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
3 files changed
tree: 8497c04c372d92b643d77ea0158f3c3eb65abd47
  1. .azure-pipelines/
  2. .github/
  3. Doc/
  4. Grammar/
  5. Include/
  6. Lib/
  7. Mac/
  8. Misc/
  9. Modules/
  10. Objects/
  11. Parser/
  12. PC/
  13. PCbuild/
  14. Programs/
  15. Python/
  16. Tools/
  17. .editorconfig
  18. .gitattributes
  19. .gitignore
  20. .travis.yml
  21. aclocal.m4
  22. CODE_OF_CONDUCT.md
  23. config.guess
  24. config.sub
  25. configure
  26. configure.ac
  27. install-sh
  28. LICENSE
  29. Makefile.pre.in
  30. netlify.toml
  31. pyconfig.h.in
  32. README.rst
  33. setup.py