Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs.

This is a security fix.
author: Tim Graham <timograham@gmail.com> 2017-03-14 10:46:53 -0400
committer: Tim Graham <timograham@gmail.com> 2017-04-04 10:42:06 -0400
commit: 5ea48a70afac5e5684b504f09286e7defdd1a81a (patch)
tree: f15a5583043ecac926b45b256091f4580d8ae5d3 /tests/utils_tests/test_http.py
parent: a1f948b468b6621083a03b0d53432341b7a4d753 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/utils_tests/test_http.py b/tests/utils_tests/test_http.py
index 281fb77fbb..80e795d3af 100644
--- a/tests/utils_tests/test_http.py
+++ b/tests/utils_tests/test_http.py
@@ -97,6 +97,8 @@ class TestUtilsHttp(unittest.TestCase):
             r'http://testserver\me:pass@example.com',
             r'http://testserver\@example.com',
             r'http:\\testserver\confirm\me@example.com',
+            'http:999999999',
+            'ftp:9999999999',
             '\n',
         )
         for bad_url in bad_urls:
@@ -117,6 +119,7 @@ class TestUtilsHttp(unittest.TestCase):
             '//testserver/',
             'http://testserver/confirm?email=me@example.com',
             '/url%20with%20spaces/',
+            'path/http:2222222222',
         )
         for good_url in good_urls:
             with ignore_warnings(category=RemovedInDjango21Warning):
author	Tim Graham <timograham@gmail.com>	2017-03-14 10:46:53 -0400
committer	Tim Graham <timograham@gmail.com>	2017-04-04 10:42:06 -0400
commit	5ea48a70afac5e5684b504f09286e7defdd1a81a (patch)
tree	f15a5583043ecac926b45b256091f4580d8ae5d3 /tests/utils_tests/test_http.py
parent	a1f948b468b6621083a03b0d53432341b7a4d753 (diff)