Rev 4798: Protect access to 'user' and 'password' auth attributes. in file:///home/vila/src/bzr/reviews/395714-auth-redirect/
Vincent Ladeuil
v.ladeuil+lp at free.fr
Wed Nov 25 15:02:09 GMT 2009
At file:///home/vila/src/bzr/reviews/395714-auth-redirect/
------------------------------------------------------------
revno: 4798
revision-id: v.ladeuil+lp at free.fr-20091125150209-v3vxrbs38qq54ade
parent: v.ladeuil+lp at free.fr-20091125145826-ovaxu5eivklm14gw
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: 395714-auth-redirect
timestamp: Wed 2009-11-25 16:02:09 +0100
message:
Protect access to 'user' and 'password' auth attributes.
* bzrlib/transport/http/_urllib2_wrappers.py:
(BasicAuthHandler.auth_match, DigestAuthHandler.auth_match):
'user' and 'password' may not be set.
-------------- next part --------------
=== modified file 'NEWS'
--- a/NEWS 2009-11-12 17:06:56 +0000
+++ b/NEWS 2009-11-25 15:02:09 +0000
@@ -45,8 +45,8 @@
* The fix for bug #186920 accidentally broke compatibility with python
2.4. (Vincent Ladeuil, #475585)
-* Fixed bug with redirected URLs over authenticated HTTP. (Glen Mailer,
- Neil Martinsen-Burrell, #395714)
+* Fixed bug with redirected URLs over authenticated HTTP.
+ (Glen Mailer, Neil Martinsen-Burrell, #395714)
Improvements
=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py 2009-11-25 14:58:26 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py 2009-11-25 15:02:09 +0000
@@ -1308,7 +1308,8 @@
# Put useful info into auth
self.update_auth(auth, 'scheme', scheme)
self.update_auth(auth, 'realm', realm)
- if auth['user'] is None or auth['password'] is None:
+ if (auth.get('user', None) is None
+ or auth.get('password', None) is None):
user, password = self.get_user_password(auth)
self.update_auth(auth, 'user', user)
self.update_auth(auth, 'password', password)
@@ -1373,7 +1374,7 @@
# Put useful info into auth
self.update_auth(auth, 'scheme', scheme)
self.update_auth(auth, 'realm', realm)
- if auth['user'] is None or auth['password'] is None:
+ if auth.get('user', None) is None or auth.get('password', None) is None:
user, password = self.get_user_password(auth)
self.update_auth(auth, 'user', user)
self.update_auth(auth, 'password', password)
More information about the bazaar-commits
mailing list