fix urllib.parse sanitization

author: Matti Picus <matti.picus@gmail.com> 2021-05-05 05:46:21 +0300
committer: Matti Picus <matti.picus@gmail.com> 2021-05-05 05:46:21 +0300
commit: 3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9 (patch)
tree: 3666e398d418662c0c270a5152771ec3b7a14be7
parent: urllib.parse should sanitize urls containing ASCII newline and tabs (BPO 43882) (diff)
download: pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.tar.gz
pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.tar.bz2
pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/lib-python/3/urllib/parse.py b/lib-python/3/urllib/parse.py
index f5ecd65d09..e41ab2acfb 100644
--- a/lib-python/3/urllib/parse.py
+++ b/lib-python/3/urllib/parse.py
@@ -427,6 +427,10 @@ def urlsplit(url, scheme='', allow_fragments=True):
     if len(_parse_cache) >= MAX_CACHE_SIZE: # avoid runaway growth
         clear_cache()
     netloc = query = fragment = ''
+
+    for b in _UNSAFE_URL_BYTES_TO_REMOVE:
+        url = url.replace(b, "")
+
     i = url.find(':')
     if i > 0:
         if url[:i] == 'http': # optimize the common case
@@ -455,9 +459,6 @@ def urlsplit(url, scheme='', allow_fragments=True):
                 # not a port number
                 scheme, url = url[:i].lower(), rest
 
-    for b in _UNSAFE_URL_BYTES_TO_REMOVE:
-        url = url.replace(b, "")
-
     if url[:2] == '//':
         netloc, url = _splitnetloc(url, 2)
         if (('[' in netloc and ']' not in netloc) or
author	Matti Picus <matti.picus@gmail.com>	2021-05-05 05:46:21 +0300
committer	Matti Picus <matti.picus@gmail.com>	2021-05-05 05:46:21 +0300
commit	3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9 (patch)
tree	3666e398d418662c0c270a5152771ec3b7a14be7
parent	urllib.parse should sanitize urls containing ASCII newline and tabs (BPO 43882) (diff)
download	pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.tar.gz pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.tar.bz2 pypy-3e0365ed9dd7152dc04bd8ce6be1e389bd01ccf9.zip