zulla <d...@defendassist.com> added the comment:

I understand your point of view, but I disagree.

Various libraries and projects rely on urlparse.urlparse and 
urllib.parse.urlparse.

This bug just blew up in my face. I'm working with Cython and PyQt4.

When a developer relies on ParseResult().netloc being a valid netloc, and .port 
being None [bool(False)] or an integer between 1-65535, really bad things can 
happen in an environment that has 0-tolerance for security issues (like C/C++ 
mixed in Python).

I agree that the 

if self.scheme == "http":
    return 80
elif self.scheme == "https":
    [...]

part of my patch is debatable, but we should _at least_ ensure that IF there is 
a ParseResult().port, the developer can be sure that it is a valid port between 
1-65545.

I apologize for uploading the whole file; I attached the diff now.

regards,
dan

----------
keywords: +patch
Added file: http://bugs.python.org/file24541/urlparse.diff

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14036>
_______________________________________
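
An added example, not part of the message above or of the attached urlparse.diff: a caller-side check that hands on a port only if it is None or an integer in 1-65535, whatever the installed urllib.parse version does with out-of-range values. The names `checked_port` and `audit`, and the sample URLs, are constructed for illustration.

```python
from urllib.parse import urlsplit

MIN_PORT, MAX_PORT = 1, 65535


def checked_port(url):
    """Return the URL's port as an int in 1..65535, or None if no port is given.

    Raises ValueError for every other value, so code further down (for
    example a C/C++ extension) never receives an unchecked port.
    """
    parts = urlsplit(url)
    try:
        # Newer Python versions raise ValueError here for non-numeric or
        # >65535 ports; older ones return whatever int() produced.
        port = parts.port
    except ValueError as exc:
        raise ValueError("invalid port in %r" % (url,)) from exc
    if port is None:
        return None
    # Explicit range check: covers old versions and also rejects port 0,
    # which the standard library's own check accepts.
    if not MIN_PORT <= port <= MAX_PORT:
        raise ValueError("port %d out of range in %r" % (port, url))
    return port


def audit(urls):
    """Map each URL to its checked port, or to the string 'rejected'."""
    result = {}
    for url in urls:
        try:
            result[url] = checked_port(url)
        except ValueError:
            result[url] = "rejected"
    return result


if __name__ == "__main__":
    # Constructed sample input.
    samples = [
        "http://example.com:8080/path",
        "https://example.com/",
        "http://[::1]:443/",
        "http://user:pw@example.com:99999/",
        "http://example.com:0/",
        "http://example.com:80a/",
    ]
    for url, port in audit(samples).items():
        print(url, "->", port)
```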