[PATCH] [0.13] Bug #74759

[John Arbash Meinel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vincent Ladeuil wrote:
>>>>>> "aaron" == Aaron Bentley <aaron.bentley at utoronto.ca> writes:
> 
>     aaron> Aaron Bentley has voted +1.
>     aaron> Status is now: Approved
>     aaron> Comment:
> 
>     aaron> I know I don't often approve your patches.  It's
>     aaron> nothing personal, it's just that you tend to work in
>     aaron> areas that I'm not comfortable with.
> 
> No problem.
> 
>     aaron> That username/password parsing looks kinda sketchy,
>     aaron> though.  There's nothing built into urlparse et al?
> 
> Indeed. I just copy/pasted the code from urllib2 but I will look
> into that later (I plan to add tests for http authentication
> (plain and proxy) and enhance a bit the urllib implementation),
> I'll take that into account then.
> 
> And yes, there is an urllib.splitpasswd function.
> 
>        Vincent

Interesting, we've *never* used urllib.splitpasswd. I suppose it does
approximately the same thing. Looking closely at it, it uses a regex to
split on the right ':' character.
Which I guess is just the first one. I'm not sure why:

_passwdprog = re.compile('^([^:]*):(.*)$')
is better than
try:
  user, password = user.split(':', 1)
except IndexError:
  password = None

Also, though. I think our implementation does some url encode/decode
steps. I'm not 100% sure why, but I would guess that it needs to for
some reason. (It may be that we have taking what the user supplied and
already applied url encoding to it, or it may be the only way for the
user to supply unsafe characters.)

John
=:->


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFgDTPJdeBCYSNAAMRAopKAJsHlL93aYMyB7egjNX9Rl00rlMM1wCfXtJY
KpQeSk7e8xpyrh3W3m4+vt0=
=aiJT
-----END PGP SIGNATURE-----