Diffstat (limited to 'python2/httplib2/__init__.py')
-rw-r--r--python2/httplib2/__init__.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
index 9057d1f..f35ba48 100644
--- a/python2/httplib2/__init__.py
+++ b/python2/httplib2/__init__.py
@@ -19,7 +19,7 @@ __contributors__ = [
"Alex Yu",
]
__license__ = "MIT"
-__version__ = '0.17.2'
+__version__ = "0.18.1"
import base64
import calendar
@@ -129,7 +129,7 @@ if ssl is None:
_ssl_wrap_socket = _ssl_wrap_socket_unsupported
if sys.version_info >= (2, 3):
- from iri2uri import iri2uri
+ from .iri2uri import iri2uri
else:
def iri2uri(uri):
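Review bot: The explicit relative import `from .iri2uri import iri2uri` uses syntax that Python only accepts from 2.5 onward, so the surrounding `if sys.version_info >= (2, 3)` guard and its `else` fallback can no longer take effect. An older interpreter would fail to compile the module before the version check runs. Consider dropping the guard, or documenting it with a comment such as `# explicit relative import; the fallback below is unreachable on interpreters that can parse this file`. The fallback `iri2uri` body continues outside the hunk.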
@@ -1985,6 +1985,9 @@ class Http(object):
headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
uri = iri2uri(uri)
+ # Prevent CWE-75 space injection to manipulate request via part of uri.
+ # Prevent CWE-93 CRLF injection to modify headers via part of uri.
+ uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
(scheme, authority, request_uri, defrag_uri) = urlnorm(uri)
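Review bot: The added `replace` chain escapes only space, CR and LF, so other control characters in `uri` (tab, NUL, vertical tab, form feed, DEL) still pass through to `urlnorm` unescaped. Whether those can alter the request depends on how lenient the receiving server or an intermediate proxy is when parsing the request line, so it is safer to percent-encode the whole control range in one pass. Assuming `re` is already imported in this module, that could be `uri = re.sub(r"[\x00-\x20\x7f]", lambda m: "%%%02X" % ord(m.group(0)), uri)`, which yields the same `%20`, `%0D` and `%0A` for the three characters handled now. The comment could also say that the escaping must stay after `iri2uri` and before `urlnorm`, so a later refactor does not move it. The enclosing method starts and ends outside this hunk.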