mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed a security issue in get_host.

Browse Source 
Full disclosure and new release forthcoming.
This commit is contained in:
Florian Apolloner
2012-11-27 22:19:37 +01:00
parent a2f2a39956
commit 27560924ec
3 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tests/regressiontests/requests/tests.py
View File

@@ -116,13 +116,15 @@ class RequestsTests(unittest.TestCase):
'12.34.56.78:443',
'[2001:19f0:feee::dead:beef:cafe]',
'[2001:19f0:feee::dead:beef:cafe]:8080',
'xn--4ca9at.com', # Punnycode for öäü.com
]
poisoned_hosts = [
'example.com@evil.tld',
'example.com:dr.frankenstein@evil.tld',
'example.com:someone@somestie.com:80',
'example.com:80/badpath'
'example.com:dr.frankenstein@evil.tld:80',
'example.com:80/badpath',
'example.com: recovermypassword.com',
]
for host in legit_hosts:
@@ -186,13 +188,15 @@ class RequestsTests(unittest.TestCase):
'12.34.56.78:443',
'[2001:19f0:feee::dead:beef:cafe]',
'[2001:19f0:feee::dead:beef:cafe]:8080',
'xn--4ca9at.com', # Punnycode for öäü.com
]
poisoned_hosts = [
'example.com@evil.tld',
'example.com:dr.frankenstein@evil.tld',
'example.com:dr.frankenstein@evil.tld:80',
'example.com:80/badpath'
'example.com:80/badpath',
'example.com: recovermypassword.com',
]
for host in legit_hosts: