Add tests for the urllib[2] vulnerability. Change to raise exceptions.

commit: f1509306d266a091c6c12ec3b78b8eaaa9d0aff9 [log] [tgz]
author: guido@google.com <guido@google.com> Mon Mar 28 13:47:01 2011 -0700
committer: guido@google.com <guido@google.com> Mon Mar 28 13:47:01 2011 -0700
tree: 7cb0b25ae654a3806a121795831f8011927cdd23
parent: 2bc23b8448394e96d5562fcc7b69aa54bb2c1a38 [diff] [blame]
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index 0bb69a0..a537d36 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py

@@ -561,7 +561,10 @@
         if not (newurl_lower.startswith('http://') or
                 newurl_lower.startswith('https://') or
                 newurl_lower.startswith('ftp://')):
-            return
+            raise HTTPError(newurl, code,
+                            msg + " - Redirection to url '%s' is not allowed" %
+                            newurl,
+                            headers, fp)
 
         # XXX Probably want to forget about the state of the current
         # request, although that might interact poorly with other
commit	f1509306d266a091c6c12ec3b78b8eaaa9d0aff9	[log] [tgz]
author	guido@google.com <guido@google.com>	Mon Mar 28 13:47:01 2011 -0700
committer	guido@google.com <guido@google.com>	Mon Mar 28 13:47:01 2011 -0700
tree	7cb0b25ae654a3806a121795831f8011927cdd23
parent	2bc23b8448394e96d5562fcc7b69aa54bb2c1a38 [diff] [blame]