Antoine Pitrou <pit...@free.fr> added the comment: > > Senthil's patch allows a redirect to ftp while Guido's doesn't. > > That is a good question. Should we? It doesn't look like ftp: > participates in the vulnerability, but I'm not sure how useful it is > either.
I would say accept it anyway. That way we minimize potential for compatibility breakage. (do we support "ftps" as well? I don't think so) > > Senthil's patch doesn't seem to fix urllib-inherited code, only > urllib2- (see FancyURLopener.redirect_internal()). > > Right, that's for Python 3. FancyURLopener is still present in Python 3 (even though we would like to deprecate it in 3.3). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11662> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
