[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Updating the issue with version 3.2 tag since it was fixed there as well. Still fixed, of course. You are correct that the encodings can be tricky. Luckily I only added coding to tests. But you're right, I would consider very carefully before

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Also adding a patch that may be enough to fix the problem in python3.2. Review needed, did not test more than passing the previously failed unit test. -- Added file: http://bugs.python.org/file24235/urllib-userpass-w-spaces-fix.patch

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Senthil, I ported the tests to 3.2. The quoting problem seems to be the same in 3.2 and the new test fails. I don't know how the password managers handle the usernames and passwords in python3 urllib so I did not look at that. Could you please also

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Michele, in your patch: +authorization = ("Authorization: Basic %s\r\n" % + b64encode('a%20b:c%20d')) This is wrong. See the original report by me and RFC 2617. The username and password MUS

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: > It is better to do the explicitly above the b64 encoding step. > Just as host has been unquoted. > > user_passwd, host = splituser(host) > host = unquote(host) Ok. So it needs to be done on the li

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: Updated patch for 2.7 hg tip attached. Please review, test and if ok, port to 3.x. I guess the URL needs to be quoted so commented out the assertion for the URL being equal. I added unquote in the base64 encoding of the password, which makes the test

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: > Regarding unittests instead, there is already a method called > test_userpass_inurl which could be extended with some tests on a > password containing spaces ( Lib/test/test_urllib.py:263). But what > I haven't yet understood is: does i

[issue9725] urllib.request.FancyURLopener won't connect to pages requiring username and password

Changes by Joonas Kuorilehto : -- nosy: +joneskoo ___ Python tracker <http://bugs.python.org/issue9725> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13642] urllib incorrectly quotes username and password in https basic auth

New submission from Joonas Kuorilehto : Reproduction: >>> import urllib >>> urllib.urlopen("https://example.com/";) Enter username for Test Site at example.com: user Enter password for user in Test Site at example.com: top secret Enter username for Test Site at e