[3.3][security] bpo-22928: Disabled HTTP header injections in http.client by vstinner · Pull Request #2861 · python/cpython (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation4 Commits1 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
Original patch by Demian Brecht.
Changed for the 3.3 backport:
- remove subTest() from change
- _is_legal_header_name regex: replace .fullmatch with .match, but
add \A at start and \Z at end of the regex
(cherry picked from commit a112a8a)
https://bugs.python.org/issue22928
Original patch by Demian Brecht.
Changed for the 3.3 backport:
- remove subTest() from change
- _is_legal_header_name regex: replace .fullmatch with .match, but add \A at start and \Z at end of the regex
(cherry picked from commit a112a8a)
[3.3][security] Issue #22928: Disabled HTTP header injections in http.client. [3.3][security] bpo-22928: Disabled HTTP header injections in http.client
About the CI: test_pty failed once, but passed when run again.
It seems like on 3.3, if a test fails once, the overall test suite is considered as failed, even if the test pass when run again. On all other branches, regrtest would succeed in that case.
I scheduled a new Travis CI run and now all tests fail (test_pty didn't fail).