In the Python 2.x version of this module, the http class request method fails to
check if the URL provided to request actually starts with https / http.
So this is valid (and scary ... ).
url = " https://foobar.com/yes"
The http class will be working with scheme = " https" and because of the
following code:
"
else:
    if not connection_type:
        connection_type = (scheme == 'https') and HTTPSConnectionWithTimeout or HTTPConnectionWithTimeout
    certs = list(self.certificates.iter(authority))
    if scheme == 'https' and certs:
        conn = self.connections[conn_key] = connection_type(authority, key_file=certs[0][0],
            cert_file=certs[0][1], timeout=self.timeout, proxy_info=self.proxy_info)
    else:
        conn = self.connections[conn_key] = connection_type(authority, timeout=self.timeout, proxy_info=self.proxy_info)
    conn.set_debuglevel(debuglevel)
"
it will make an HTTP connection (try...? I don't have this module installed so I
cannot say for sure ;) ) to the remote host as the scheme is not 'https'.
This method *should* raise an error if the URL does not start with "https" or
"http".
It fails to do this, which may put potential users at risk ...
I am not sure what happens if you put " https://"... because I do not have this
module installed, as I stated above.
Original issue reported on code.google.com by db.pub.m...@gmail.com on 29 Sep 2010 at 6:52
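
The fall-through described in the report, next to a strict scheme check, as an added example (not part of the original report and not the module's own code). The function names are hypothetical, the connection classes are represented by plain strings, and the URL is split with the RFC 3986 Appendix B regex, which is an assumption about how the scheme ends up as " https".

```python
import re

# RFC 3986 Appendix B splitting regex (assumed here): everything before the
# first ':' is taken as the scheme, including leading whitespace.
URI_RE = re.compile(r"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?")

ALLOWED_SCHEMES = ("http", "https")


def split_scheme_authority(url):
    """Return (scheme, authority), lowercased, with no validation at all."""
    groups = URI_RE.match(url).groups()
    scheme, authority = groups[1], groups[3]
    return (scheme or "").lower(), (authority or "").lower()


def pick_connection_lenient(url):
    """Same shape as the quoted selection: not exactly 'https' means plain HTTP."""
    scheme, _ = split_scheme_authority(url)
    return (scheme == "https") and "HTTPSConnection" or "HTTPConnection"


def pick_connection_strict(url):
    """Hypothetical hardened variant: refuse any scheme outside the allow-list."""
    scheme, authority = split_scheme_authority(url)
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("unsupported URL scheme: %r" % scheme)
    if not authority:
        raise ValueError("URL has no host: %r" % url)
    return "HTTPSConnection" if scheme == "https" else "HTTPConnection"


if __name__ == "__main__":
    # Constructed sample inputs; the second one is the URL from the report.
    samples = ("https://foobar.com/yes", " https://foobar.com/yes", "ftp://foobar.com/x")
    for url in samples:
        lenient = pick_connection_lenient(url)
        try:
            strict = pick_connection_strict(url)
        except ValueError as exc:
            strict = "rejected (%s)" % exc
        print("%-28r lenient=%-16s strict=%s" % (url, lenient, strict))
```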