[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 3e10d0148f79 by Senthil Kumaran in branch '2.7': Issue #12541: Be lenient with quotes around Realm field with HTTP Basic Authentation in urllib2. http://hg.python.org/cpython/rev/3e10d0148f79 New changeset bb94fec5c5ab by Senthil Kumaran in branch '3.2': Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2. http://hg.python.org/cpython/rev/bb94fec5c5ab New changeset bf20564296aa by Senthil Kumaran in branch 'default': merge from 3.2 - Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2. http://hg.python.org/cpython/rev/bf20564296aa -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Senthil Kumaran sent...@uthcode.com added the comment: this issue is taken care. Both in accepting unquoted Realm for basic auth leniently and then raising a UserWarning when encountering this case. -- resolution: - fixed stage: needs patch - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset b82178b07e0f by Senthil Kumaran in branch '2.7': Issue12541 - Add UserWarning for unquoted realms http://hg.python.org/cpython/rev/b82178b07e0f New changeset b5b38bda9fc4 by Senthil Kumaran in branch '3.2': Issue12541 - Add UserWarning for unquoted realms http://hg.python.org/cpython/rev/b5b38bda9fc4 New changeset 08fa1a47fa97 by Senthil Kumaran in branch 'default': Issue12541 - Add UserWarning for unquoted realms http://hg.python.org/cpython/rev/08fa1a47fa97 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Changes by Ezio Melotti ezio.melo...@gmail.com: -- stage: - needs patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Alex Leon ael...@gmail.com added the comment: It could have a 2 phase regex match. We match the first one, and if it fails, match the second and produce a warning. I think producing a warning is a good idea, as it allows the programmer to know that the implementation of basic auth they are trying to connect to is broken, and might help with future connection attempts. Also there are currently no warnings produced by python if it fails to parse the auth header, and its hard for a developer to know why. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
shevegen sheve...@linuxmail.org added the comment: I think a warning would be quite nice to have. -- nosy: +shevegen ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Senthil Kumaran sent...@uthcode.com added the comment: I don't think so. We are just making our regex bit lenient. I am not sure how we can raise a warning with more lenient regex. As with any parsing changes, I would like to be careful and that we don't introduce any regression. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Senthil Kumaran sent...@uthcode.com added the comment: Here is a patch with the test for accepting the badly formed headers. I would like to ensure that change in the regex is fool-proof in order to accomodate this bad behavior, so that we don't break the existing stuff. It is problem at the server end,I found that browsers thrown warning before accepting that. -- keywords: +patch Added file: http://bugs.python.org/file22853/issue12541.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
R. David Murray rdmur...@bitdance.com added the comment: Perhaps we should issue a warning, then, too? -- nosy: +r.david.murray ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Alex Leon ael...@gmail.com added the comment: For some reason a caret went missing in the regex fix. It should read 'realm=([\']?)([^\']*)\\2', re.I) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Changes by Ezio Melotti ezio.melo...@gmail.com: -- nosy: +ezio.melotti ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Changes by Petri Lehtinen pe...@digip.org: -- nosy: +petri.lehtinen ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
New submission from Alex Leon ael...@gmail.com: It looks like some servers using basic authentication don't include quotes around the realm (example https://api.connect2field.com) as required by rfc 2617. urllib wont handle these requests and silently fails, but a simple change to the regex in AbstractBasicAuthHandler from 'realm=([\'])(.*?)\\2', re.I) to 'realm=([\']?)([\']*)\\2', re.I) would make authentication more flexible. -- components: Library (Lib) messages: 140191 nosy: Alex.Leon priority: normal severity: normal status: open title: Accepting Badly formed headers in urllib HTTPBasicAuth type: behavior versions: Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Changes by Senthil Kumaran sent...@uthcode.com: -- assignee: - orsenthil nosy: +orsenthil ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12541 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com