[SPAM] Re: [PATCH] [0.13] Bug #74759

[Vincent Ladeuil]

>>>>> "jam" == John Arbash Meinel <john at arbash-meinel.com> writes:

<snip/>

    jam> Interesting, we've *never* used urllib.splitpasswd. I suppose it does
    jam> approximately the same thing. Looking closely at it, it uses a regex to
    jam> split on the right ':' character.
    jam> Which I guess is just the first one. I'm not sure why:

    jam> _passwdprog = re.compile('^([^:]*):(.*)$')
    jam> is better than
    jam> try:
    jam>   user, password = user.split(':', 1)
    jam> except IndexError:
    jam>   password = None

Because it uses a regexp ? ;)

Both will fail on:

vila:xxx:wer at host

I want to avoid requiring users to embed their password in the
url so the problem will not be critical. One day.

    jam> Also, though. I think our implementation does some url
    jam> encode/decode steps. I'm not 100% sure why, but I would
    jam> guess that it needs to for some reason. (It may be that
    jam> we have taking what the user supplied and already
    jam> applied url encoding to it, or it may be the only way
    jam> for the user to supply unsafe characters.)

Typing them on request is even safer ;)

       Vincent