Diffstat (limited to 'python2/httplib2/__init__.py')
-rw-r--r-- | python2/httplib2/__init__.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
index 9057d1f..f35ba48 100644
--- a/python2/httplib2/__init__.py
+++ b/python2/httplib2/__init__.py
@@ -19,7 +19,7 @@ __contributors__ = [
 "Alex Yu",
 ]
 __license__ = "MIT"
-__version__ = '0.17.2'
+__version__ = "0.18.1"
 import base64
 import calendar
@@ -129,7 +129,7 @@ if ssl is None:
 _ssl_wrap_socket = _ssl_wrap_socket_unsupported
 if sys.version_info >= (2, 3):
- from iri2uri import iri2uri
+ from .iri2uri import iri2uri
 else:
 def iri2uri(uri):
@@ -1985,6 +1985,9 @@ class Http(object):
 headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
 uri = iri2uri(uri)
+ # Prevent CWE-75 space injection to manipulate request via part of uri.
+ # Prevent CWE-93 CRLF injection to modify headers via part of uri.
+ uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
 (scheme, authority, request_uri, defrag_uri) = urlnorm(uri) |
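Review bot: The `if sys.version_info >= (2, 3):` guard around the new `from .iri2uri import iri2uri` no longer protects anything. Explicit relative imports are Python 2.5+ syntax, so an older interpreter would fail to compile the module before the check ever runs. Either drop the guard and its fallback, or say so in a comment such as `# explicit relative import needs Python >= 2.5; the else branch is unreachable on supported versions`. The fallback `def iri2uri(uri):` continues outside this hunk.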
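Review bot: The added `uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")` in the third hunk is a three-character deny-list, so tab, NUL, the other C0 control characters and DEL are still passed unencoded to `urlnorm(uri)`. Whether a later layer rejects them is not visible in this hunk, so I would encode the whole control range in one pass: `uri = "".join("%%%02X" % ord(c) if c <= " " or c == "\x7f" else c for c in uri)`. That gives the same `%20`/`%0D`/`%0A` output for the three characters already handled. A regression test that passes a URI containing each of these characters and asserts on the request line actually sent would pin the behaviour. The enclosing method starts and ends outside this hunk, so other caller-supplied request parts may need the same treatment.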