SF patch #497420 (Eduardo Pérez): ftplib: ftp anonymous password

Instead of sending the real user and host, use "anonymous@" (i.e. no host name at all!) as the default anonymous FTP password. This avoids privacy violations.

SF patch #497420 (Eduardo Pérez): ftplib: ftp anonymous password
Instead of sending the real user and host, use "anonymous@" (i.e. no host name at all!) as the default anonymous FTP password. This avoids privacy violations.
c33e0778 · Guido van Rossum · 55602696 · c33e0778 · c33e0778 · c33e0778
Commit c33e0778 authored Dec 28, 2001 by Guido van Rossum
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 18 deletions

Doc/lib/libftplib.tex Doc/lib/libftplib.tex +2 -5

Lib/ftplib.py Lib/ftplib.py +8 -13

Misc/ACKS Misc/ACKS +1 -0

No files found.
--- a/Doc/lib/libftplib.tex
+++ b/Doc/lib/libftplib.tex
@@ -20,7 +20,7 @@ Here's a sample session using the \module{ftplib} module:
 \begin{verbatim}
 >>> from ftplib import FTP
 >>> ftp = FTP('ftp.cwi.nl')   # connect to host, default port
->>> ftp.login()               # user anonymous, passwd user@hostname
+>>> ftp.login()               # user anonymous, passwd anonymous@
 >>> ftp.retrlines('LIST')     # list directory contents
 total 24418
 drwxrwsr-x   5 ftp-usr  pdmaint     1536 Mar 20 09:48 .
@@ -121,10 +121,7 @@ Log in as the given \var{user}.  The \var{passwd} and \var{acct}
 parameters are optional and default to the empty string.  If no
 \var{user} is specified, it defaults to \code{'anonymous'}.  If
 \var{user} is \code{'anonymous'}, the default \var{passwd} is
-\samp{\var{realuser}@\var{host}} where \var{realuser} is the real user
+\code{'anonymous@'}.  This function should be called only
-name (glanced from the \envvar{LOGNAME} or \envvar{USER} environment
-variable) and \var{host} is the hostname as returned by
-\function{socket.gethostname()}.  This function should be called only
 once for each instance, after a connection has been established; it
 should not be called at all if a host and user were given when the
 instance was created.  Most FTP commands are only allowed after the

--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -351,19 +351,14 @@ class FTP:
        if not passwd: passwd = ''
        if not acct: acct = ''
        if user == 'anonymous' and passwd in ('', '-'):
-            # get fully qualified domain name of local host
+	    # If there is no anonymous ftp password specified
-            thishost = socket.getfqdn()
+	    # then we'll just use anonymous@
-            try:
+	    # We don't send any other thing because:
-                if os.environ.has_key('LOGNAME'):
+	    # - We want to remain anonymous
-                    realuser = os.environ['LOGNAME']
+	    # - We want to stop SPAM
-                elif os.environ.has_key('USER'):
+	    # - We don't want to let ftp sites to discriminate by the user,
-                    realuser = os.environ['USER']
+	    #   host or country.
-                else:
+            passwd = passwd + 'anonymous@'
-                    realuser = 'anonymous'
-            except AttributeError:
-                # Not all systems have os.environ....
-                realuser = 'anonymous'
-            passwd = passwd + realuser + '@' + thishost
        resp = self.sendcmd('USER ' + user)
        if resp[0] == '3': resp = self.sendcmd('PASS ' + passwd)
        if resp[0] == '3': resp = self.sendcmd('ACCT ' + acct)

--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -330,6 +330,7 @@ Randy Pausch
 Marcel van der Peijl
 Samuele Pedroni
 Steven Pemberton
+Eduardo Prez
 Tim Peters
 Chris Petrilli
 Geoff Philbrick