Issue 1574068: urllib2 - Fix line breaks in authorization headers

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/44105

classification

Title:	urllib2 - Fix line breaks in authorization headers
Type:		Stage:
Components:	Library (Lib)	Versions:

process

Status:	closed	Resolution:	accepted
Dependencies:		Superseder:
Assigned To:	akuchling	Nosy List:	akuchling, docwhat, jjlee, scott.dial
Priority:	normal	Keywords:	patch

Created on 2006-10-09 21:40 by scott.dial, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
urllib2-base64.patch	scott.dial, 2006-10-09 21:40	Patch to correct urllib2.py
urllib-base64.patch	scott.dial, 2006-10-10 00:33	Patch to correct urllib.py

Messages (5)
msg51218 - (view)	Author: Scott Dial (scott.dial)	Date: 2006-10-09 21:40
urllib2 uses the wrong base64 encode function from the base64 library. This patch corrects that. Original bug report from "The Doctor What" <docwhat+list.python-dev@gerf.org> I found a bug in urllib2's handling of basic HTTP authentication. urllib2 uses the base64.encodestring() method to encode the username:password. The problem is that base64.encodestring() adds newlines to wrap the encoded characters at the 76th column. This produces bogus request headers like this: ---------->8---------cut---------8<---------------- GET /some/url HTTP/1.1 Host: some.host Accept-Encoding: identity Authorization: Basic cmVhbGx5bG9uZ3VzZXJuYW1lOmFuZXZlbmxvbmdlcnBhc3N3b3JkdGhhdGdvZXNvbmFuZG9uYW5k b25hbmRvbmFuZG9u User-agent: some-agent ---------->8---------cut---------8<----------------
msg51219 - (view)	Author: John J Lee (jjlee)	Date: 2006-10-10 00:13
Logged In: YES user_id=261020 urllib should also be fixed.
msg51220 - (view)	Author: Scott Dial (scott.dial)	Date: 2006-10-10 00:33
Logged In: YES user_id=383208 Ah yes, you are correct that urllib has the same problem. I have attached a patch to correct all of those instances as well. It is note-worthy that the one usage of decodestring in urllib is correct (as it is decoding the body of the response and should reasonably expect to see newlines in that encoding).
msg51221 - (view)	Author: Christian Höltje (docwhat)	Date: 2006-10-10 14:00
Logged In: YES user_id=267 Cool! I'm glad my bug report helped. :-)
msg51222 - (view)	Author: A.M. Kuchling (akuchling) *	Date: 2006-10-27 17:14
Logged In: YES user_id=11375 Good fix -- applied to the trunk (rev. 52481) and 25-maint (rev. 52482). Thanks for the patch and for the bug report!

History
Date	User	Action	Args
2022-04-11 14:56:20	admin	set	github: 44105
2006-10-09 21:40:51	scott.dial	create