summaryrefslogtreecommitdiff
path: root/Lib
diff options
context:
space:
mode:
Diffstat (limited to 'Lib')
-rw-r--r--Lib/urllib.py5
-rw-r--r--Lib/urllib2.py5
2 files changed, 6 insertions, 4 deletions
diff --git a/Lib/urllib.py b/Lib/urllib.py
index 09ce8c57e8..b835f52f23 100644
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -643,10 +643,11 @@ class FancyURLopener(URLopener):
newurl = basejoin(self.type + ":" + url, newurl)
# For security reasons we do not allow redirects to protocols
- # other than HTTP or HTTPS.
+ # other than HTTP, HTTPS or FTP.
newurl_lower = newurl.lower()
if not (newurl_lower.startswith('http://') or
- newurl_lower.startswith('https://')):
+ newurl_lower.startswith('https://') or
+ newurl_lower.startswith('ftp://')):
return
void = fp.read()
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index db7ce81845..0bb69a0130 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -556,10 +556,11 @@ class HTTPRedirectHandler(BaseHandler):
newurl = urlparse.urljoin(req.get_full_url(), newurl)
# For security reasons we do not allow redirects to protocols
- # other than HTTP or HTTPS.
+ # other than HTTP, HTTPS or FTP.
newurl_lower = newurl.lower()
if not (newurl_lower.startswith('http://') or
- newurl_lower.startswith('https://')):
+ newurl_lower.startswith('https://') or
+ newurl_lower.startswith('ftp://')):
return
# XXX Probably want to forget about the state of the current
View Lorry Controller Status