[3.5] bpo-39603: Prevent header injection in http methods (GH-18485) #21946
Notes on the backport:
LGTM
LGTM.
@larryhastings: The CI passed and 3 core devs approved the PR. Would you mind merging it?
@larryhastings: Please replace
Thanks for the backport! This miiiiight be the last checkin for 3.5 ever... we'll see!
00354 # Reject control chars in HTTP method in httplib.putrequest to prevent HTTP header injection

Backported from Python 3.5-3.10 (and adjusted for py2's single-module httplib):
- https://bugs.python.org/issue39603
- python#18485 (3.10)
- python#21946 (3.5)

Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
reject control chars in http method in http.client.putrequest to prevent http header injection
(cherry picked from commit 8ca8a2e)
https://bugs.python.org/issue39603
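
A check that a given interpreter carries the behaviour this backport describes, as an added example that is not code from the PR or from CPython. The function names, the placeholder host `example.invalid`, the constructed sample methods, and the reading of "control chars" as bytes 0x00-0x1f are assumptions of this example.

```python
import http.client
import re

# Assumption of this example: "control chars" means ASCII 0x00-0x1f.
_CTRL = re.compile(r"[\x00-\x1f]")

# Constructed sample methods; nothing here is sent over the network.
SAMPLES = ["GET", "PATCH", "GET\r\nX-Added: 1", "GET\n", "PO\x00ST", "GET\tx"]


def method_is_safe(method):
    """Stand-alone pre-check for code that assembles request lines itself."""
    return _CTRL.search(method) is None


def runtime_rejects(method):
    """Return True if this interpreter's putrequest() refuses the method.

    putrequest() only buffers the request line; no socket is opened,
    so the placeholder host is never resolved or contacted.
    """
    conn = http.client.HTTPConnection("example.invalid")
    try:
        conn.putrequest(method, "/")
    except ValueError:
        return True
    return False


def audit(samples=SAMPLES):
    """Return the samples with control chars that the runtime still accepts."""
    return [m for m in samples
            if not method_is_safe(m) and not runtime_rejects(m)]


if __name__ == "__main__":
    for m in SAMPLES:
        print("%-22r %-14s %s" % (
            m,
            "clean" if method_is_safe(m) else "control chars",
            "rejected" if runtime_rejects(m) else "accepted"))
    missed = audit()
    print("runtime has the fix" if not missed
          else "runtime accepts: %r" % missed)
```

An empty list from `audit()` means the interpreter rejects every sample that contains a control character; any entries returned are methods it would have written into the request line unchanged.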