[issue17352] Be clear that __prepare__ must be declared as a class method

Ethan Furman added the comment: Should __prepare__ be special-cased as a classmethod, like __new__ is? Is there any reason to ever have __prepare__ /not/ be a classmethod? -- ___ Python tracker __

[issue23505] Urlparse insufficient validation leads to open redirect

STINNER Victor added the comment: >>> urlparse("//evil.com") ParseResult(scheme='', netloc='evil.com', path='', params='', query='', fragment='') I see evil.com in the netloc field, ok. But Firefox doesn't use Python to parse and url, and typing //evil.com in the address bar converts the addre

[issue23505] Urlparse insufficient validation leads to open redirect

Yassine ABOUKIR added the comment: When you directly type //evil.com or evil.com in Firefox URL bar you will be redirect to evil.com and that is very known, read this : http://homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html Here is a video demonstration of the v

[issue21619] Cleaning up a subprocess with a broken pipe

Akira Li added the comment: On Windows behavior http://stackoverflow.com/questions/23688492/oserror-errno-22-invalid-argument-in-subprocess -- nosy: +akira ___ Python tracker ___

[issue23567] os.stat() tuple access vs named attribute access int vs float

New submission from Gregory P. Smith: Python 2.7.6 (default, Mar 22 2014, 22:59:56) >>> import os, stat >>> os.stat('/') posix.stat_result(st_mode=16877, st_ino=2, st_dev=64513L, st_nlink=29, st_uid=0, st_gid=0, st_size=4096, st_atime=1425341751, st_mtime=1424824650, st_ctime=1424824650) >>> x

[issue23285] PEP 475 - EINTR handling

STINNER Victor added the comment: The change on Modules/_io/fileio.c is wrong: functions may return None with an exception set. It is wrong because a function must return a result with no exception set, or NULL and an exception set. Attached patch fixes this issue. -- Added file: http

[issue23285] PEP 475 - EINTR handling

STINNER Victor added the comment: Note: I found the bug while working on a patch for #22181. My test is this shell script: $ while true; do ./python -c 'import os, signal; signal.setitimer(signal.ITIMER_REAL, 0.001, 0.0001); signal.signal(signal.SIGALRM, lambda *args: print(".", end="")); pr

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

STINNER Victor added the comment: Commit in the Linux kernel: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895 -- Here is a patch to use the new getrandom() syscall of Linux 3.17 in the Python function os.urandom(). The functi

[issue23567] os.stat() tuple access vs named attribute access int vs float

STINNER Victor added the comment: It's already documented: https://docs.python.org/dev/library/os.html#os.stat_result "For compatibility with older Python versions, accessing stat_result as a tuple always returns integers." -- nosy: +haypo ___ Pyth

[issue23567] os.stat() tuple access vs named attribute access int vs float

Gregory P. Smith added the comment: I missed that because i was looking for it to be called out under 2.7 os.stat() docs rather than under 2.7's os.stat_float_times() which is a method nobody is likely to read the documentation for as floats have been the default since 2.5. The 2.7 docs are mu

[issue23564] Patch fixing sanity check for ordered fd sequence in _posixsubprocess.c

Changes by Ned Deily : -- nosy: +gregory.p.smith ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue23512] The list of built-in functions is not alphabetical on https://docs.python.org/2/library/functions.html

Changes by Carlo Beccarini : Removed file: http://bugs.python.org/file38305/functions.rst ___ Python tracker ___ ___ Python-bugs-list mailing

[issue23560] Group the docs of similar methods in stdtypes.rst

Changes by Martin Panter : -- nosy: +vadmium ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue21619] Cleaning up a subprocess with a broken pipe

Martin Panter added the comment: Thanks for that link; the answer by Eryksun is particularly enlightening. Apparently EINVAL actually represents an underlying broken pipe condition in Window

[issue23362] integer overflow in string translate

Changes by Arfrever Frehtes Taifersar Arahesis : -- versions: +Python 3.3, Python 3.5 ___ Python tracker ___ ___ Python-bugs-list mail

[issue23367] integer overflow in unicodedata.normalize

Changes by Arfrever Frehtes Taifersar Arahesis : -- versions: +Python 2.7, Python 3.3, Python 3.5 ___ Python tracker ___ ___ Python-bu

[issue23505] Urlparse insufficient validation leads to open redirect

Martin Panter added the comment: Do you think it would be enough to ensure the urlparse() result remembers whether the empty “//” was present or not? In other words, something like the following mockup (based on the Issue 22852 proposal). An example vunerable program would help me understand t

[issue22801] collections.Counter, when empty, doesn't raise an error with &= when other is an incompatible type

Raymond Hettinger added the comment: I see no reason pure python code to have to detect and report such oddities. Closing as not worth it. -- resolution: -> rejected status: open -> closed ___ Python tracker _

[issue22555] Tracking issue for adjustments to binary/text boundary handling

Nick Coghlan added the comment: PEP 461 landed, restoring binary interpolation support: https://hg.python.org/cpython/rev/8d802fb6ae32 There are also some relevant around standardising the C.UTF-8 locale currently available on some Linux systems: Fedora RFE: https://bugzilla.redhat.com/show_b

[issue21619] Cleaning up a subprocess with a broken pipe

STINNER Victor added the comment: A few months ago, I modified Popen.communicate() to handle EINVAL on Windows. -- ___ Python tracker ___

[issue23564] Patch fixing sanity check for ordered fd sequence in _posixsubprocess.c

Gregory P. Smith added the comment: Haha, yes, that description and patch look correct. Thanks! Fortunately this bug is low impact as this was just a sanity check and the calling code from subprocess.py was already passing the correct data in. An ideal regression test: An explicit unittest th

<    1   2