433433fa6d
Adds IPv6 support when invoking http.server directly. (GH-10595)
2018-11-26 10:43:38 -08:00
4c33997057
bpo-34911: Added support for secure websocket cookies (GH-9734)
2018-10-08 21:49:29 +03:00
936f03e7fa
bpo-33365: print the header values beside the keys (GH-6611)
...
with debuglevel=1 only the header keys got printed. With
this change the header values get printed as well and the single
header entries get '\n' as a separator.
2018-06-19 16:20:58 +03:00
b36b0a3765
bpo-33663: Convert content length to string before putting to header (GH-7754)
2018-06-18 14:17:53 -07:00
1cee216cf3
bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195)
2018-05-29 22:10:30 +02:00
d5a2377c3d
bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
2018-04-23 02:48:11 +03:00
afbbac12a5
Removed a confusing line from a docstring in http.cookies (GH-6482)
...
There's no reason a cookie should _ever_ contain pickled data. That's just asking for a critical security vulnerability. Back in Python2 there were helpers for doing that, but they're no more in Python3. Now coded_value is used when the value needs to be encoded for any reason.
2018-04-15 17:23:47 -04:00
c87eb09d2e
bpo-29613: Added support for SameSite cookies (GH-6413)
...
* bpo-29613: Added support for SameSite cookies
Implemented as per draft
https://tools.ietf.org/html/draft-west-first-party-cookies-07
* Documented SameSite
And suggestions by members.
* Missing space :(
* Updated News and contributors
* Added version changed details.
* Fix in documentation
* fix in documentation
* Clubbed test cases for same attribute into single.
* Updates
* Style nits + expand tests
* review feedback
2018-04-07 16:09:42 -04:00
8bcfa02e4b
bpo-31639: Use threads in http.server module. (GH-5018)
2018-03-23 17:40:33 +01:00
61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address ( #3462 )
...
bpo-31399: Let OpenSSL verify hostname and IP
The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.
* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name
Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
53f7a7c281
bpo-32297: Few misspellings found in Python source code comments. ( #4803 )
...
* Fix multiple typos in code comments
* Add spacing in comments (test_logging.py, test_math.py)
* Fix spaces at the beginning of comments in test_logging.py
2017-12-14 13:04:53 +02:00
ad455cd924
bpo-31945: Configurable blocksize in HTTP(S)Connection ( #4279 )
...
blocksize was hardcoded to 8192, preventing efficient upload when using
file-like body. Add blocksize argument to __init__, so users can
configure the blocksize to fit their needs.
I tested this uploading data from /dev/zero to a web server dropping the
received data, to test the overhead of the HTTPConnection.send() with a
file-like object.
Here is an example 10g upload with the default buffer size (8192):
$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 17.53 seconds (584.00m/s)
real 0m17.574s
user 0m8.887s
sys 0m5.971s
Same with 512k blocksize:
$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 6.60 seconds (1551.15m/s)
real 0m6.641s
user 0m3.426s
sys 0m2.162s
In real world usage the difference will be smaller, depending on the
local and remote storage and the network.
See https://github.com/nirs/http-bench for more info.
2017-11-06 13:16:37 -08:00
52ad72dd0a
bpo-30553: Add status code 421 to http.HTTPStatus (GH-2589)
2017-10-26 21:49:19 +03:00
13ad3b7a82
bpo-31462: Remove trailing whitespaces. ( #3564 )
2017-09-14 09:38:36 +03:00
a6a4dc816d
bpo-31370: Remove support for threads-less builds ( #3385 )
...
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
a17a2f52c4
bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module ( #1776 )
...
* bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object
* bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
2017-05-24 00:29:06 -07:00
a632d00a1c
Remove duplicate line in Lib/http/client.py ( #1665 )
2017-05-19 15:28:35 +03:00
7e4db2f253
bpo-30166: Import command-line parsing modules only when needed. ( #1293 )
2017-05-04 08:17:47 +03:00
2e576f5aec
bpo-30144: Import collections ABC from collections.abc rather than collections. ( #1263 )
2017-04-24 09:05:00 +03:00
351adda54b
bpo-29654 : Support If-Modified-Since HTTP header (browser cache) ( #298 )
...
Return 304 response if file was not modified.
2017-04-02 13:26:12 +03:00
cc283378d6
Issue #29192 : Removed deprecated features in the http.cookies module.
2017-01-13 09:23:15 +02:00
70d28a184c
Remove unused imports.
2016-12-16 20:00:15 +02:00
e82338ddab
Issue #28548 : Parse HTTP request version even if too many words received
2016-11-19 01:06:37 +00:00
741d4940fe
Issue #23214 : Remove BufferedReader.read1(-1) workaround
2016-10-21 00:52:04 +00:00
bd48d27944
Issue #22493 : Inline flags now should be used only at the start of the
...
regular expression. Deprecation warning is emitted if uses them in the
middle of the regular expression.
2016-09-11 12:50:02 +03:00
d04863771b
Issue #28022 : Deprecate ssl-related arguments in favor of SSLContext.
...
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.
ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
451d0e38fc
Issue 27948: Allow backslashes in the literal string portion of f-strings, but not in the expressions. Also, require expressions to begin and end with literal curly braces.
2016-09-09 21:56:20 -04:00
10427f4485
[merge from 3.5] - Issue28010 - Make http.client.HTTPConnection.putrequest
...
documentation consistent with the code.
2016-09-08 14:29:23 -07:00
5dc504c3c9
Issue28010 - Make http.client.HTTPConnection.putrequest documentation consistent with the code.
2016-09-08 14:28:01 -07:00
0be894b2f6
Issue #27895 : Spelling fixes (Contributed by Ville Skyttä).
2016-09-07 12:03:06 +00:00
44b548dda8
#27364 : fix "incorrect" uses of escape character in the stdlib.
...
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
6e025608a2
Issue 27921: Remove backslash from another f-string.
2016-09-03 10:43:20 -04:00
15f44ab043
Issue #27895 : Spelling fixes (Contributed by Ville Skyttä).
2016-08-30 10:47:49 -07:00
ef91bb2660
Issue #12319 : Always send file request bodies using chunked encoding
...
The previous attempt to determine the file’s Content-Length gave a false
positive for pipes on Windows.
Also, drop the special case for sending zero-length iterable bodies.
2016-08-27 01:39:26 +00:00
f74c33ad5c
Merge
2016-08-25 21:12:16 -07:00
7ea386e56e
Issue 19504: Change "customise" to "customize" American spelling.
2016-08-25 21:11:50 -07:00
3c0d0baf2b
Issue #12319 : Support for chunked encoding of HTTP request bodies
...
When the body object is a file, its size is no longer determined with
fstat(), since that can report the wrong result (e.g. reading from a pipe).
Instead, determine the size using seek(), or fall back to chunked encoding
for unseekable files.
Also, change the logic for detecting text files to check for TextIOBase
inheritance, rather than inspecting the “mode” attribute, which may not
exist (e.g. BytesIO and StringIO). The Content-Length for text files is no
longer determined ahead of time, because the original logic could have been
wrong depending on the codec and newline translation settings.
Patch by Demian Brecht and Rolf Krahl, with a few tweaks by me.
2016-08-24 06:33:33 +00:00
290b42de73
[merge from 3.5] - Issue #27466 : Change time format returned by
...
http.cookie.time2netscape, confirming the netscape cookie format.
2016-07-10 06:49:49 -07:00
d5b47fb8ce
Issue #27466 : Change time format returned by http.cookie.time2netscape,
...
confirming the netscape cookie format.
2016-07-10 06:45:38 -07:00
40de69ac58
Issue #25738 : Merge HTTP server from 3.5
2016-06-08 09:45:58 +00:00
e42e129ebe
Issue #25738 : Don’t send message body for 205 Reset Content
...
Patch by Susumu Koshiba.
2016-06-08 08:29:13 +00:00
3e04d5b306
Issue #27076 : Merge spelling from 3.5
2016-05-26 06:03:19 +00:00
46f50726a0
Issue #27076 : Doc, comment and tests spelling fixes
...
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
1ce738e08f
Merge typo fixes from 3.5
2016-05-08 14:02:35 +00:00
f0564164ba
Fix typos in comments, documentation and test method names
2016-05-08 13:48:10 +00:00
3a31cca4ab
Issue #24902 : Print server URL on http.server startup
...
Initial patch by Felix Kaiser.
2016-04-29 16:48:11 +03:00
791ac54a44
Issue #26657 : Merge http.server fix from 3.5
2016-04-18 07:16:17 +00:00
d274b3f1f1
Issue #26657 : Fix Windows directory traversal vulnerability with http.server
...
Based on patch by Philipp Hagemeister. This fixes a regression caused by
revision f4377699fd47.
2016-04-18 03:45:18 +00:00
0cab9c1eba
Issue #26404 : Add context manager to socketserver, by Aviv Palivoda
2016-04-13 00:36:52 +00:00
da3bb38452
Issue #26585 : Eliminate _quote_html() and use html.escape(quote=False)
...
Patch by Xiang Zhang.
2016-04-11 00:40:08 +00:00
c86c91aab0
Merge typo fixes from 3.5
2016-04-05 06:20:32 +00:00
cc71a795df
Fix typos in documentation and comments
2016-04-05 06:19:42 +00:00
50badad807
Issue #26586 : Simple enhancements to BaseHTTPRequestHandler by Xiang Zhang
2016-04-03 01:28:53 +00:00
b93e4b2480
Issue #26586 : Merge excessive HTTP header handling from 3.5
2016-04-03 01:28:49 +00:00
acc03195b0
Issue #26586 : Handle excessive header fields in http.server, by Xiang Zhang
2016-04-03 00:45:46 +00:00
ec195fba5b
Issue #26499 : Merge HTTPResponse fix from 3.5
2016-03-17 07:05:34 +00:00
ce911c3fed
Issue #26499 : Fixes to HTTPResponse.readline() and read1(), by Silent Ghost
2016-03-17 06:42:48 +00:00
04bc5b9e48
Issue #747320 : Use email.utils.formatdate() to avoid code duplication
...
in BaseHTTPRequestHandler
Initial patch by karlcow.
2016-03-14 06:06:03 +02:00
0647ef05eb
Issue #16181 : cookiejar.http2time() now returns None if year is higher than datetime.MAXYEAR
2016-03-14 05:48:28 +02:00
20be53e5b5
Issue #16181 : cookiejar.http2time() now returns None if year is higher than datetime.MAXYEAR
2016-03-14 05:48:02 +02:00
b118870490
Issue #26302 : merge from 3.5
2016-02-24 08:50:59 -05:00
192697e33b
Issue #26045 : Merge http.client error addition from 3.5
2016-02-09 11:57:11 +00:00
44391481d7
Issue #26045 : Add UTF-8 suggestion to error in http.client
...
Based on patch by Guido van Rossum.
2016-02-09 10:20:52 +00:00
102d813b55
Issue #26302 : Correctly identify comma as an invalid character for a cookie (correcting regression in Python 3.5).
2016-02-07 05:36:00 +05:00
3fd4a735d8
Issue #25899 : Converted non-ASCII characters in docstrings and manpage
...
to ASCII replacements. Removed UTF-8 BOM from Misc/NEWS.
Original patch by Chris Angelico.
2015-12-18 13:10:37 +02:00
22fd1c262a
Merge typo and grammar fixes from 3.5
2015-11-14 01:29:13 +00:00
32acc16cda
Merge typo and grammar fixes from 3.4 into 3.5
2015-11-14 01:14:25 +00:00
ac34e09bbf
Correct Content-Type syntax in documentation
2015-11-14 00:58:32 +00:00
4a7c03aab4
Issue #25523 : Merge a-to-an corrections from 3.5.
2015-11-02 14:44:29 +02:00
a84f6c3dd3
Issue #25523 : Merge a-to-an corrections from 3.4.
2015-11-02 14:39:05 +02:00
d65c9496da
Issue #25523 : Further a-to-an corrections.
2015-11-02 14:10:23 +02:00
585a6acfef
Merge typo fixes from 3.5
2015-10-07 11:13:55 +00:00
3f930dcd87
Merge typo fixes from 3.4 into 3.5
2015-10-07 11:01:47 +00:00
9955a373a8
Various minor typos in documentation and comments
2015-10-07 10:26:23 +00:00
5e84d037bb
Issues #25232 , #24657 : Merge two CGI server fixes from 3.5
2015-10-03 06:43:19 +00:00
56b76d25dd
Issues #25232 , #24657 : Merge two CGI server fixes from 3.4 into 3.5
2015-10-03 06:03:25 +00:00
cb29e8c0e5
Issue #24657 : Prevent CGIRequestHandler from collapsing the URL query
...
Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc
string.
2015-10-03 05:55:46 +00:00
a02e18a43f
Issue #25232 : Fix CGIRequestHandler's splitting of URL query
...
Patch from Xiang Zhang.
2015-10-03 05:38:07 +00:00
15b87bfedc
Add in missing docstrings.
2015-08-18 22:03:08 -07:00
5409177b62
Issue #24774 : Fix docstring in http.server.test.
...
Patch from Chiu-Hsiang Hsu.
2015-08-17 12:19:19 +12:00
9644f2450d
Issue #24774 : Fix docstring in http.server.test.
...
Patch from Chiu-Hsiang Hsu.
2015-08-17 12:18:35 +12:00
a0e5d981cd
Issue #23888 : Handle fractional time in cookie expiry. Patch by ssh.
2015-08-04 10:06:29 +12:00
f3d9c315b6
Issue #23888 : Handle fractional time in cookie expiry. Patch by ssh.
2015-08-04 10:07:06 +12:00
5a69420062
merge 3.4 ( #22931 )
2015-05-23 10:41:30 -05:00
c4ae86e477
merge 3.3 ( #22931 )
2015-05-23 10:40:47 -05:00
d504f20e1c
merge 3.2 ( #22931 )
2015-05-23 10:38:48 -05:00
9bd476ea57
allow square brackets in cookie values ( closes #22931 )
2015-05-23 10:36:48 -05:00
7e7a3dba5f
Issue #23865 : close() methods in multiple modules now are idempotent and more
...
robust at shutdown. If needs to release multiple resources, they are released
even if errors are occured.
2015-04-10 13:24:41 +03:00
2116b12da5
Issue #23865 : close() methods in multiple modules now are idempotent and more
...
robust at shutdown. If needs to release multiple resources, they are released
even if errors are occured.
2015-04-10 13:29:28 +03:00
cae7bdb424
#3566 : Clean up handling of remote server disconnects.
...
This changeset does two things: introduces a new RemoteDisconnected exception
(that subclasses ConnectionResetError and BadStatusLine) so that a remote
server disconnection can be detected by client code (and provides a better
error message for debugging purposes), and ensures that the client socket is
closed if a ConnectionError happens, so that the automatic re-connection code
can work if the application handles the error and continues on.
Tests are added that confirm that a connection is re-used or not re-used
as appropriate to the various combinations of protocol version and headers.
Patch by Martin Panter, reviewed by Demian Brecht. (Tweaked only slightly by
me.)
2015-04-05 19:26:29 -04:00
46ba6c8563
Issue #22831 : Use "with" to avoid possible fd leaks.
2015-04-04 11:01:02 +03:00
1813c1701f
#2211 : properly document the Morsel behavior changes.
...
Also deprecate the undocumented set argument instead of removing
it already in 3.5.
Initial patch by Demian Brecht.
2015-03-29 17:09:21 -04:00
0a0d20edfb
Merge: #23539 : Set Content-Length to 0 for PUT, POST, and PATCH if body is None.
2015-03-22 15:19:01 -04:00
beed8402ca
#23539 : Set Content-Length to 0 for PUT, POST, and PATCH if body is None.
...
Some http servers will reject PUT, POST, and PATCH requests if they
do not have a Content-Length header.
Patch by James Rutherford, with additional cleaning up of the
'request' documentation by me.
2015-03-22 15:18:23 -04:00
6c32585f67
Restored backward compatibility of pickling http.cookies.Morsel. It was
...
broken after converting instance attributes to properies in issue #2211 .
2015-03-18 18:03:40 +02:00
9c1a9b2657
Issue #2211 : Updated the implementation of the http.cookies.Morsel class.
...
Setting attributes key, value and coded_value directly now is deprecated.
update() and setdefault() now transform and check keys. Comparing for
equality now takes into account attributes key, value and coded_value.
copy() now returns a Morsel, not a dict. repr() now contains all attributes.
Optimized checking keys and quoting values. Added new tests.
Original patch by Demian Brecht.
2015-03-18 10:59:57 +02:00
577fc4e87f
Issue #23138 : Fixed parsing cookies with absent keys or values in cookiejar.
...
Patch by Demian Brecht.
2015-03-13 09:05:01 +02:00
f7cc3fccad
Issue #23138 : Fixed parsing cookies with absent keys or values in cookiejar.
...
Patch by Demian Brecht.
2015-03-13 09:09:35 +02:00
b669bfc2be
Issue #22928 : Disabled HTTP header injections in http.client.
...
Original patch by Demian Brecht.
2015-03-12 11:15:15 +02:00
a112a8ae47
Issue #22928 : Disabled HTTP header injections in http.client.
...
Original patch by Demian Brecht.
2015-03-12 11:13:36 +02:00
c0a23e6320
Issue #21793 : BaseHTTPRequestHandler again logs response code as numeric,
...
not as stringified enum. Patch by Demian Brecht.
2015-03-07 11:51:37 +02:00
abbf0f40bb
Issue #23442 : Rename two member names to stay backward compatible
...
with the constants in http.client.
Initial patch by Demian Brecht.
2015-02-20 14:57:31 +02:00
8e28679417
Issue #23439 : Add missing entries to http.client.__all__.
...
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).
Patch by Martin Panter.
2015-02-20 09:45:05 +02:00
babc688180
Issue #23439 : Add missing entries to http.client.__all__.
...
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).
Patch by Martin Panter.
2015-02-20 09:39:38 +02:00
1130c7f693
merge 3.4 ( #23410 )
2015-02-17 21:13:30 -05:00
70e2847347
document the requestline and close_connection attributes, use real booleans, and add tests ( closes #23410 )
...
Patch by Martin Panter.
2015-02-17 21:11:10 -05:00
6767757589
Issue #23418 : Add missing entries to http.server.__all__.
...
Patch by Martin Panter.
2015-02-13 20:48:41 +02:00
366c570d1f
Issue #23418 : Add missing entries to http.server.__all__.
...
Patch by Martin Panter.
2015-02-13 20:48:15 +02:00
ab53ab0a84
Issue #13128 : Print response headers for CONNECT requests when debuglevel > 0.
...
Patch by Demian Brecht.
2015-02-03 12:22:11 +02:00
9d8a3ad02a
http.client: disable Nagle's algorithm ( closes #23302 )
...
Patch by Demian Brecht.
2015-01-23 11:02:57 -05:00
cb18b95ab8
Issue #20898 : Add a "HTTP status codes" section to avoid duplication in HTTP docs.
...
This commit also removes a couple of non-standard status codes. They were
added as part of edf669b13482, so there is no backwards compatibility issue.
Patch by Demian Brecht.
2015-01-20 06:30:46 +02:00
5b883296f6
merge 3.4 ( #22986 )
2015-01-16 20:46:37 -05:00
bd341629b0
capitialize "HttpOnly" and "Secure" as they appear in the standard and other impls ( closes #23250 )
...
Patch by Jon Dufresne.
2015-01-16 20:43:55 -05:00
610bc6a211
merge 3.4 ( #23221 )
2015-01-13 09:20:31 -05:00
82f34ada45
fix instances of consecutive articles ( closes #23221 )
...
Patch by Karan Goel.
2015-01-13 09:17:24 -05:00
fe975a234f
merge 3.4 ( #23112 )
2014-12-26 10:56:51 -06:00
94cb7a2429
fix behavior of trailing slash redirection when a query string is involved ( closes #23112 )
2014-12-26 10:53:43 -06:00
e4db76967d
Issue #21793 : Added http.HTTPStatus enums (i.e. HTTPStatus.OK,
...
HTTPStatus.NOT_FOUND). Patch by Demian Brecht.
2014-12-23 16:28:28 +02:00
4ac7ed97a8
Issue #22095 : Fixed HTTPConnection.set_tunnel with default port. The port
...
value in the host header was set to "None". Patch by Demian Brecht.
2014-12-12 09:29:15 +02:00
a090f01bb6
HTTPSConnection: prefer the context's check_hostname attribute over the constructor parameter ( #22959 )
2014-12-07 13:18:25 -05:00
b491e0521f
Issue #21032 . Fixed socket leak if HTTPConnection.getresponse() fails.
...
Original patch by Martin Panter.
2014-12-01 13:07:45 +02:00
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
d4a001b23c
Issue #22095 : Fixed HTTPConnection.set_tunnel with default port. The port
...
value in the host header was set to "None". Patch by Demian Brecht.
2014-12-12 09:30:18 +02:00
b46247bee5
merge 3.4 ( #22959 )
2014-12-07 13:47:34 -05:00
2205da43a6
Issue #21032 . Fixed socket leak if HTTPConnection.getresponse() fails.
...
Original patch by Martin Panter.
2014-12-01 13:10:12 +02:00
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00
b1e36073cd
Issue #22796 : HTTP cookie parsing is now stricter, in order to protect against potential injection attacks.
2014-11-21 01:20:57 +01:00
1cca273669
merge 3.4 ( #22417 )
2014-11-03 14:36:48 -05:00
4ffb075271
PEP 476: enable HTTPS certificate verification by default ( #22417 )
...
Patch by Alex Gaynor with some modifications by me.
2014-11-03 14:29:33 -05:00
2cb0e73a89
Issue #22775 : Fixed unpickling of http.cookies.SimpleCookie with protocol 2
...
and above. Patch by Tim Graham.
2014-11-02 22:19:56 +02:00
8cf7c1cff0
Issue #22775 : Fixed unpickling of http.cookies.SimpleCookie with protocol 2
...
and above. Patch by Tim Graham.
2014-11-02 22:18:25 +02:00
55e614a2a8
Issue #11957 : Explicit parameter name when calling re.split() and re.sub()
2014-10-29 16:58:59 +01:00
0d54887326
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:27:26 +02:00
637e4544af
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:25:57 +02:00
7d0b8f95e7
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
41a08e557a
Issue #22165 : SimpleHTTPRequestHandler now supports undecodable file names.
2014-08-17 08:24:49 +03:00
cb5bc408ad
Issue #22165 : SimpleHTTPRequestHandler now supports undecodable file names.
2014-08-17 08:22:11 +03:00
465e60e654
Issue #22033 : Reprs of most Python implemened classes now contain actual
...
class name instead of hardcoded one.
2014-07-25 23:36:00 +03:00
fbc877b794
Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value.
2014-07-22 11:10:37 +03:00
1392df96ef
Fixed bugs in reprs of CookieJar and multiprocessing.dummy.Value.
2014-07-22 11:09:36 +03:00
55966193f2
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:20:15 -07:00
5d0d2e6ed6
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:16:56 -07:00
217f4cd7ee
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:12:39 -07:00
915a30fb0d
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
ff180af057
merge 3.4 ( #21766 )
2014-06-14 18:41:31 -07:00
a8c75fe31a
merge 3.3 ( #21766 )
2014-06-14 18:41:13 -07:00
6cd1954c5c
merge 3.2 ( #21766 )
2014-06-14 18:40:10 -07:00
73b8b1cdb8
url unquote the path before checking if it refers to a CGI script ( closes #21766 )
2014-06-14 18:36:29 -07:00
166214c344
merge from 3.4
...
Issue #7776 : Fix ``Host:'' header and reconnection when using http.client.HTTPConnection.set_tunnel()
Patch by Nikolaus Rath.
2014-04-14 13:10:05 -04:00
9da047b3a5
Issue #7776 : Fix ``Host:'' header and reconnection when using http.client.HTTPConnection.set_tunnel().
...
Patch by Nikolaus Rath.
2014-04-14 13:07:56 -04:00
Lisa Roach