gh-99080: Preserve backslash character not used to escape quotes in .netrc files by stefanoboriero · Pull Request #99088 · python/cpython
Backslashes can be valid characters in password, they are not always used to escape symbols. Treat backslash characters as escape symbols only for quotes in quotes.
All commit authors signed the Contributor License Agreement.
Any news on this? The issue is getting spread on more and more computers and may stuck some people with a .netrc shared by multiple applications.
The current code matches what is done in GNU inetutils, and supposedly (chatgpt) GNU wget, Curl, and the other ftp implementations for parsing netrc files. Maybe the status quo is better, to preserve compatibility and behavior across tooling?
As an extra data point, I checked what Emacs does and it differs from inetutlis: it doesn't do any unescaping (preserves everything literally), and only strip quotes at the edge of a netrc token:
(defun auth-source-netrc-looking-at-token () "Say whether the next think in the buffer is a token (password, etc). Match data is altered to reflect the token." (or (looking-at "'\\([^']*\\)'") (looking-at "\"\\([^\"]*\\)\"") (looking-at "\\([^ \t\n]+\\)")))
See: https://cgit.git.savannah.gnu.org/cgit/emacs.git/tree/lisp/auth-source.el#n1040
Hi guys, what's the status here?
Curl does not have any issue treating my password's backslash as a backslash, instead of silently stripping it like the netrc python lib does. I spent two hours yesterday to find out why my python netrc test ran into a 401 authentication failure. Now I wrote my own code instead.
This PR is stale because it has been open for 30 days with no activity.