diff options
Diffstat (limited to 'Lib/http/client.py')
| -rw-r--r-- | Lib/http/client.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py index f61267e108..333eadb072 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -1089,10 +1089,7 @@ class HTTPConnection: self._method = method if not url: url = '/' - # Prevent CVE-2019-9740. - if match := _contains_disallowed_url_pchar_re.search(url): - raise InvalidURL(f"URL can't contain control characters. {url!r} " - f"(found at least {match.group()!r})") + self._validate_url(url) request = '%s %s %s' % (method, url, self._http_vsn_str) # Non-ASCII characters should have been eliminated earlier @@ -1174,6 +1171,17 @@ class HTTPConnection: # For HTTP/1.0, the server will assume "not chunked" pass + def _validate_url(self, url): + """Validate a url for putrequest""" + # Prevent CVE-2019-9740. + if match := _contains_disallowed_url_pchar_re.search(url): + raise InvalidURL(f"URL can't contain control characters. {url!r} " + f"(found at least {match.group()!r})") + + def _encode_request(self, request): + """Encode a request line for putrequest""" + return request.encode('ascii') + def putheader(self, header, *values): """Send a request header line to the server. |