Issue 1574068: urllib2 - Fix line breaks in authorization headers (original) (raw)

Created on 2006-10-09 21:40 by scott.dial, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (5)
msg51218 - (view)	Author: Scott Dial (scott.dial)	Date: 2006-10-09 21:40
urllib2 uses the wrong base64 encode function from the base64 library. This patch corrects that. Original bug report from "The Doctor What" <docwhat+list.python-dev@gerf.org> I found a bug in urllib2's handling of basic HTTP authentication. urllib2 uses the base64.encodestring() method to encode the username:password. The problem is that base64.encodestring() adds newlines to wrap the encoded characters at the 76th column. This produces bogus request headers like this: ---------->8---------cut---------8<---------------- GET /some/url HTTP/1.1 Host: some.host Accept-Encoding: identity Authorization: Basic cmVhbGx5bG9uZ3VzZXJuYW1lOmFuZXZlbmxvbmdlcnBhc3N3b3JkdGhhdGdvZXNvbmFuZG9uYW5k b25hbmRvbmFuZG9u User-agent: some-agent ---------->8---------cut---------8<----------------
msg51219 - (view)	Author: John J Lee (jjlee)	Date: 2006-10-10 00:13
Logged In: YES user_id=261020 urllib should also be fixed.
msg51220 - (view)	Author: Scott Dial (scott.dial)	Date: 2006-10-10 00:33
Logged In: YES user_id=383208 Ah yes, you are correct that urllib has the same problem. I have attached a patch to correct all of those instances as well. It is note-worthy that the one usage of decodestring in urllib is correct (as it is decoding the body of the response and should reasonably expect to see newlines in that encoding).
msg51221 - (view)	Author: Christian Höltje (docwhat)	Date: 2006-10-10 14:00
Logged In: YES user_id=267 Cool! I'm glad my bug report helped. :-)
msg51222 - (view)	Author: A.M. Kuchling (akuchling) *	Date: 2006-10-27 17:14
Logged In: YES user_id=11375 Good fix -- applied to the trunk (rev. 52481) and 25-maint (rev. 52482). Thanks for the patch and for the bug report!