[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Roundup Robot added the comment: New changeset b82178b07e0f by Senthil Kumaran in branch '2.7': Issue12541 - Add UserWarning for unquoted realms http://hg.python.org/cpython/rev/b82178b07e0f New changeset b5b38bda9fc4 by Senthil Kumaran in branch '3.2': Issue12541 - Add UserWarning for unquoted

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Senthil Kumaran added the comment: this issue is taken care. Both in accepting unquoted Realm for basic auth leniently and then raising a UserWarning when encountering this case. -- resolution: -> fixed stage: needs patch -> committed/rejected status: open -> closed _

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Roundup Robot added the comment: New changeset 3e10d0148f79 by Senthil Kumaran in branch '2.7': Issue #12541: Be lenient with quotes around Realm field with HTTP Basic Authentation in urllib2. http://hg.python.org/cpython/rev/3e10d0148f79 New changeset bb94fec5c5ab by Senthil Kumaran in branch

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Changes by Ezio Melotti : -- stage: -> needs patch ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

shevegen added the comment: I think a warning would be quite nice to have. -- nosy: +shevegen ___ Python tracker ___ ___ Python-bugs-

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Alex Leon added the comment: It could have a 2 phase regex match. We match the first one, and if it fails, match the second and produce a warning. I think producing a warning is a good idea, as it allows the programmer to know that the implementation of basic auth they are trying to connect

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Senthil Kumaran added the comment: I don't think so. We are just making our regex bit lenient. I am not sure how we can raise a warning with more lenient regex. As with any parsing changes, I would like to be careful and that we don't introduce any regression. -- _

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

R. David Murray added the comment: Perhaps we should issue a warning, then, too? -- nosy: +r.david.murray ___ Python tracker ___ ___

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Senthil Kumaran added the comment: Here is a patch with the test for accepting the badly formed headers. I would like to ensure that change in the regex is fool-proof in order to accomodate this bad behavior, so that we don't break the existing stuff. It is problem at the server end,I found t

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Changes by Ezio Melotti : -- nosy: +ezio.melotti ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.py

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Alex Leon added the comment: For some reason a caret went missing in the regex fix. It should read 'realm=(["\']?)([^"\']*)\\2', re.I) -- ___ Python tracker ___ ___

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Changes by Petri Lehtinen : -- nosy: +petri.lehtinen ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mai

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

Changes by Senthil Kumaran : -- assignee: -> orsenthil nosy: +orsenthil ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth

New submission from Alex Leon : It looks like some servers using basic authentication don't include quotes around the realm (example https://api.connect2field.com) as required by rfc 2617. urllib wont handle these requests and silently fails, but a simple change to the regex in AbstractBasicAu