svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87952 | benjamin.peterson | 2011-01-12 09:24:27 -0600 (Wed, 12 Jan 2011) | 1 line
move this test to test_descr; it's not abc specific
........
r87953 | benjamin.peterson | 2011-01-12 09:25:02 -0600 (Wed, 12 Jan 2011) | 1 line
oops, wrong class
........
r87954 | benjamin.peterson | 2011-01-12 09:34:01 -0600 (Wed, 12 Jan 2011) | 1 line
don't segfault on deleting __abstractmethods__ #10892
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines
#5871: protect against header injection attacks.
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header. Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks. (As far as we know this has never been exploited.)
Thanks to Jakub Wilk for reporting this vulnerability.
........
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header. Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks. (As far as we know this has never been exploited.)
Thanks to Jakub Wilk for reporting this vulnerability.
This applies only when generating strings from non-RFC compliant binary
input; it makes the existing recoding behavior more consistent (ie:
now no data is lost when recoding).
Before this patch if a value being encoded had an embedded newline,
the line following the newline would have no leading whitespace,
and the whitespace it did have was encoded into the word. Now
the existing whitespace gets turned into a blank, the way it does
in other header reformatting, and the _continuation_ws gets added
at the beginning of the encoded line.
function will now format any year when time.accept2dyear is false and
will accept years >= 1000 otherwise. The year range accepted by
time.mktime and time.strftime is still system dependent, but
time.mktime will now accept full range supported by the OS. Conversion
of 2-digit years to 4-digit is deprecated.
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87797 | antoine.pitrou | 2011-01-06 18:17:04 +0100 (jeu., 06 janv. 2011) | 4 lines
Issue #3839: wsgiref should not override a Content-Length header set by
the application. Initial patch by Clovis Fabricio.
........
