• Kirill Smelkov's avatar
    fixup! Y client: Fix URI scheme to move credentials out of query · 7d1daf15
    Kirill Smelkov authored
    parse_qsl no longer treats ';' as valid query separator for security
    reason because most proxies did not do so and it was possible to poison
    proxy cache due to difference in query separator handling (see bugs.python.org/issue42967).
    
    To handle credentials we don't have any proxy here, and it is still
    perfectly valid to use ';' as credentials separator.
    
    -> Fix it with ';' -> '&' replace workaround, before feeding credentials
    string to parse_qsl.
    
    Amends: b9a42957.
    7d1daf15
zodburi.py 4.38 KB