Package: supybot
Version: 0.83.4.1.ds-2
Severity: normal
Any commands that are defined as expecting a URL will reject some
valid URLs if they contain a username and/or password and an @ before
the hostname. I have checked and it is not fixed upstream at sourceforge.
I have a possible patch for this.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages supybot depends on:
ii python 2.6.6-3+squeeze7 interactive high-level object-orie
ii python-support 1.0.10 automated rebuilding support for P
Versions of packages supybot recommends:
ii python 2.6.6-3+squeeze7 interactive high-level object-orie
ii python-feedparser 4.1-14 Universal Feed Parser for Python
ii python-simplejson 2.1.1-1 simple, fast, extensible JSON enco
Versions of packages supybot suggests:
ii python-dateutil 1.4.1-3 powerful extensions to the standar
pn python-dictclient <none> (no description available)
ii python-sqlite 1.0.1-7+b1 python interface to SQLite 2
pn python-twisted-core <none> (no description available)
pn python-twisted-names <none> (no description available)
-- no debconf information
--- hacks/usr-share-pyshared-supybot-utils-web.py 2012-10-18
17:36:45.000000000 +0100
+++ /usr/share/pyshared/supybot/utils/web.py 2012-10-18 17:55:06.000000000
+0100
@@ -50,9 +50,9 @@
# Base domain regex off RFC 1034 and 1738
label = r'[0-9a-z][-0-9a-z]*[0-9a-z]?'
domain = r'%s(?:\.%s)*\.[a-z][-0-9a-z]*[a-z]?' % (label, label)
-urlRe = re.compile(r'(\w+://(?:%s|%s)(?::\d+)?(?:/[^\])>\s]*)?)'
+urlRe = re.compile(r'(\w+://(\S+@)?(?:%s|%s)(?::\d+)?(?:/[^\])>\s]*)?)'
% (domain, ipAddr), re.I)
-httpUrlRe = re.compile(r'(https?://(?:%s|%s)(?::\d+)?(?:/[^\])>\s]*)?)'
+httpUrlRe = re.compile(r'(https?://(\S+@)?(?:%s|%s)(?::\d+)?(?:/[^\])>\s]*)?)'
% (domain, ipAddr), re.I)
REFUSED = 'Connection refused.'
