delta/cpython-git.git/Lib/http, branch 3.10 github.com: python/cpython.git [3.10] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) (#104119) 2023-05-09T15:21:53+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2023-05-09T15:21:53+00:00 d77e77c363a170f4435cbe826628b6a347654d9e gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> 
gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067)

Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure)

---------

(cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a)

Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
 [3.10] gh-103112: Add http.client.HTTPResponse.read docstring and fix pydoc output (GH-103113) (#103120) 2023-03-29T22:30:27+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2023-03-29T22:30:27+00:00 3a27be79527368804c3a1c19c5bbe07a8e8ce41e (cherry picked from commit d052a383f1a0c599c176a12c73a761ca00436d8b) Co-authored-by: Bernhard Wagner <github.comNotification20120125@xmlizer.net> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> Co-authored-by: Éric <merwok@netwok.org> 
(cherry picked from commit d052a383f1a0c599c176a12c73a761ca00436d8b)

Co-authored-by: Bernhard Wagner <github.comNotification20120125@xmlizer.net>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Éric <merwok@netwok.org>
 [3.10] gh-100474: Fix handling of dirs named index.html in http.server (GH-100504) 2022-12-24T20:29:21+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-12-24T20:29:21+00:00 ecbf136702267857b261a81b64f234965b9de913 Co-authored-by: James Frost <git@frost.cx> 
Co-authored-by: James Frost <git@frost.cx>
 gh-100001: Also escape \s in http.server log messages. (GH-100038) 2022-12-05T22:47:57+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-12-05T22:47:57+00:00 aae7b43ca3d2bb2028370b8252ccb51006827429 Also \ escape \s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a \xHH is ambiguious as to if it is a hex replacement we put in or the characters r"\x" came through in the original request line. (cherry picked from commit 7e29398407dbd53b714702abb89aa2fd7baca48a) Co-authored-by: Gregory P. Smith <greg@krypto.org> 
Also \ escape \s in the http.server BaseHTTPRequestHandler.log_message so
that it is technically possible to parse the line and reconstruct what the
original data was.  Without this a \xHH is ambiguious as to if it is a hex
replacement we put in or the characters r"\x" came through in the original
request line.
(cherry picked from commit 7e29398407dbd53b714702abb89aa2fd7baca48a)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
 gh-100001: Omit control characters in http.server stderr logs. (GH-100002) 2022-12-05T21:16:14+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-12-05T21:16:14+00:00 ec8c06bc28b29b62d31b953e54f1d8d8535faa80 Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to. (cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828) Co-authored-by: Gregory P. Smith <greg@krypto.org> 
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
 Document that MozillaCookieJar works for curl's cookie files (GH-91852) 2022-10-03T23:00:40+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-10-03T23:00:40+00:00 f8a3c4cb83ec277d6a4ee1392165960d3bd56426 MozillaCookieJar works for curl's cookies (cherry picked from commit 0ea8b925d096629852d1045c2c53ff6ad63199cc) Co-authored-by: Boris Verkhovskiy <boris.verk@gmail.com> 
MozillaCookieJar works for curl's cookies
(cherry picked from commit 0ea8b925d096629852d1045c2c53ff6ad63199cc)

Co-authored-by: Boris Verkhovskiy <boris.verk@gmail.com>
 Run Tools/scripts/reindent.py (#94225) (#94291) 2022-06-26T10:39:16+00:00 Victor Stinner vstinner@python.org 2022-06-26T10:39:16+00:00 4b1144ced142be2765f5d14c9632cee2b75748f2 Reindent files which were not properly formatted (PEP 8: 4 spaces). Remove also some trailing spaces. (cherry picked from commit e87ada48a9e5d9d03f9759138869216df0d7383a) 
Reindent files which were not properly formatted (PEP 8: 4 spaces).

Remove also some trailing spaces.

(cherry picked from commit e87ada48a9e5d9d03f9759138869216df0d7383a)
 gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) 2022-06-21T21:36:55+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-06-21T21:36:55+00:00 5715382d3a89ca118ce2e224d8c69550d21fe51b Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) Co-authored-by: Gregory P. Smith <greg@krypto.org> 
Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
 bpo-46436: Fix command-line option -d/--directory in module http.server (GH-30701) 2022-02-14T20:12:30+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2022-02-14T20:12:30+00:00 b27195332e91e932501f16cf9877761b218a9c99 Fix command-line option -d/--directory in http.server main function that was ignored when combined with --cgi. Automerge-Triggered-By: GH:merwok (cherry picked from commit 2d080347d74078a55c47715d232d1ab8dc8cd603) Co-authored-by: Géry Ogam <gery.ogam@gmail.com> Co-authored-by: Géry Ogam <gery.ogam@gmail.com> 
Fix command-line option -d/--directory in http.server main
function that was ignored when combined with --cgi.

Automerge-Triggered-By: GH:merwok
(cherry picked from commit 2d080347d74078a55c47715d232d1ab8dc8cd603)

Co-authored-by: Géry Ogam <gery.ogam@gmail.com>

Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
 bpo-45328: Avoid failure in OSs without TCP_NODELAY support (GH-28646) (GH-28771) 2021-10-06T18:29:23+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2021-10-06T18:29:23+00:00 4c35a2aa80d7f55573d83651883d8733fac01e31 Operating systems without support for TCP_NODELAY will raise an OSError when trying to set the socket option, but the show can still go on. (cherry picked from commit 0571b934f5f9198c3461a7b631d7073ac0a5676f) Co-authored-by: rtobar <rtobarc@gmail.com> 
Operating systems without support for TCP_NODELAY will raise an OSError
when trying to set the socket option, but the show can still go on.
(cherry picked from commit 0571b934f5f9198c3461a7b631d7073ac0a5676f)

Co-authored-by: rtobar <rtobarc@gmail.com>