-
- Downloads
[3.6] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24532)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by:Éric Araujo <merwok@netwok.org> Co-authored-by:
Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by:
Adam Goldschmidt <adamgold7@gmail.com>
Showing
- Doc/library/cgi.rst 5 additions, 3 deletionsDoc/library/cgi.rst
- Doc/library/urllib.parse.rst 20 additions, 2 deletionsDoc/library/urllib.parse.rst
- Doc/whatsnew/3.6.rst 13 additions, 0 deletionsDoc/whatsnew/3.6.rst
- Lib/cgi.py 11 additions, 6 deletionsLib/cgi.py
- Lib/test/test_cgi.py 24 additions, 5 deletionsLib/test/test_cgi.py
- Lib/test/test_urlparse.py 46 additions, 22 deletionsLib/test/test_urlparse.py
- Lib/urllib/parse.py 14 additions, 5 deletionsLib/urllib/parse.py
- Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst 1 addition, 0 deletions....d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
Loading
Please register or sign in to comment