author | Jason R. Coombs <jaraco@jaraco.com> | 2019-09-13 15:54:02 +0100 |
---|---|---|
committer | Jason R. Coombs <jaraco@jaraco.com> | 2019-09-13 15:54:02 +0100 |
commit | 8231e7201dde7a7b34625dce14ae2a85b592efa2 (patch) | |
tree | 549ac07d7e62f35a0f7d7f11505fc411f851a92b | |
parent | f545638b5701652ffbe1774989533cdf5bc6631e (diff) | |
download | cpython-git-feature/putrequest-hooks.tar.gz |
bpo-36274: Add hooks for validating a URL and encoding a request such that clients can enact malicious behavior when needed.feature/putrequest-hooks
-rw-r--r-- | Lib/http/client.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py
index f61267e108..333eadb072 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -1089,10 +1089,7 @@ class HTTPConnection:
 self._method = method
 if not url:
 url = '/'
- # Prevent CVE-2019-9740.
- if match := _contains_disallowed_url_pchar_re.search(url):
- raise InvalidURL(f"URL can't contain control characters. {url!r} "
- f"(found at least {match.group()!r})")
+ self._validate_url(url)
 request = '%s %s %s' % (method, url, self._http_vsn_str)
 # Non-ASCII characters should have been eliminated earlier
@@ -1174,6 +1171,17 @@ class HTTPConnection:
 # For HTTP/1.0, the server will assume "not chunked"
 pass
+ def _validate_url(self, url):
+ """Validate a url for putrequest"""
+ # Prevent CVE-2019-9740.
+ if match := _contains_disallowed_url_pchar_re.search(url):
+ raise InvalidURL(f"URL can't contain control characters. {url!r} "
+ f"(found at least {match.group()!r})")
+
+ def _encode_request(self, request):
+ """Encode a request line for putrequest"""
+ return request.encode('ascii')
+
 def putheader(self, header, *values):
 """Send a request header line to the server. |
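Review bot: `_encode_request` is defined in the second hunk but nothing in this patch calls it; the only line added to putrequest is `self._validate_url(url)`, and the two hunks already account for all 12 insertions in the diffstat. The encode step sits just past the last context line (`# Non-ASCII characters should have been eliminated earlier`), outside this hunk, so it presumably still encodes inline with `request.encode('ascii')`. For the hook to take effect that call would need to become `self._output(self._encode_request(request))`. putrequest's body starts and ends outside the hunk.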
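Review bot: The one-line docstring on `_validate_url` does not tell a subclass author that this method is now the only place the request target is checked for control characters. An override that does not call `super()._validate_url(url)` silently removes the CVE-2019-9740 guard against request-line injection. I would expand it to something like `"""Validate a url for putrequest; raise InvalidURL on control characters. Overriding this without calling super() disables the CVE-2019-9740 check."""`. The `_encode_request` docstring should likewise say that the ASCII encode is what rejects non-ASCII request lines, so an override changes which bytes can reach the wire.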