Rev 4798: Protect access to 'user' and 'password' auth attributes. in file:///home/vila/src/bzr/reviews/395714-auth-redirect/

Vincent Ladeuil v.ladeuil+lp at free.fr
Wed Nov 25 15:02:09 GMT 2009 

At file:///home/vila/src/bzr/reviews/395714-auth-redirect/

------------------------------------------------------------
revno: 4798
revision-id: v.ladeuil+lp at free.fr-20091125150209-v3vxrbs38qq54ade
parent: v.ladeuil+lp at free.fr-20091125145826-ovaxu5eivklm14gw
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: 395714-auth-redirect
timestamp: Wed 2009-11-25 16:02:09 +0100
message:
  Protect access to 'user' and 'password' auth attributes.
  
  * bzrlib/transport/http/_urllib2_wrappers.py:
  (BasicAuthHandler.auth_match, DigestAuthHandler.auth_match):
  'user' and 'password' may not be set.
-------------- next part --------------
=== modified file 'NEWS'
--- a/NEWS	2009-11-12 17:06:56 +0000
+++ b/NEWS	2009-11-25 15:02:09 +0000
@@ -45,8 +45,8 @@
 * The fix for bug #186920 accidentally broke compatibility with python
   2.4.  (Vincent Ladeuil, #475585)
 
-* Fixed bug with redirected URLs over authenticated HTTP.  (Glen Mailer,
-  Neil Martinsen-Burrell, #395714)
+* Fixed bug with redirected URLs over authenticated HTTP.
+  (Glen Mailer, Neil Martinsen-Burrell, #395714)
 
 
 Improvements

=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2009-11-25 14:58:26 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2009-11-25 15:02:09 +0000
@@ -1308,7 +1308,8 @@
             # Put useful info into auth
             self.update_auth(auth, 'scheme', scheme)
             self.update_auth(auth, 'realm', realm)
-            if auth['user'] is None or auth['password'] is None:
+            if (auth.get('user', None) is None
+                or auth.get('password', None) is None):
                 user, password = self.get_user_password(auth)
                 self.update_auth(auth, 'user', user)
                 self.update_auth(auth, 'password', password)
@@ -1373,7 +1374,7 @@
         # Put useful info into auth
         self.update_auth(auth, 'scheme', scheme)
         self.update_auth(auth, 'realm', realm)
-        if auth['user'] is None or auth['password'] is None:
+        if auth.get('user', None) is None or auth.get('password', None) is None:
             user, password = self.get_user_password(auth)
             self.update_auth(auth, 'user', user)
             self.update_auth(auth, 'password', password)

More information about the bazaar-commits mailing list