From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
From: push0ebp <push0ebp@shl-MacBook-Pro.local>
Date: Thu, 14 Feb 2019 02:05:46 +0900
Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
 URL scheme in urllib

--- a/Lib/test/test_urllib.py	2019-03-28 23:50:14.379076156 +0530
+++ b/Lib/test/test_urllib.py	2019-03-28 23:50:36.903077132 +0530
@@ -1023,6 +1023,18 @@ class URLopener_Tests(unittest.TestCase)
             "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
             "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
 
+def test_local_file_open(self):
+        class DummyURLopener(urllib.URLopener):
+            def open_local_file(self, url):
+                return url
+        self.assertEqual(DummyURLopener().open(
+            'local-file://example'), '//example')
+        self.assertEqual(DummyURLopener().open(
+            'local_file://example'), '//example')
+        self.assertRaises(IOError, urllib.urlopen,
+            'local-file://example')
+        self.assertRaises(IOError, urllib.urlopen,
+            'local_file://example')
 
 # Just commented them out.
 # Can't really tell why keep failing in windows and sparc.
--- a/Lib/urllib.py	2019-03-28 23:47:22.563068712 +0530
+++ b/Lib/urllib.py	2019-03-28 23:50:00.187075541 +0530
@@ -203,7 +203,9 @@ class URLopener:
         name = 'open_' + urltype
         self.type = urltype
         name = name.replace('-', '_')
-        if not hasattr(self, name):
+        # bpo-35907: # disallow the file reading with the type not allowed
+        if not hasattr(self, name) or \
+            (self == _urlopener and name == 'open_local_file'):
             if proxy:
                 return self.open_unknown_proxy(proxy, fullurl, data)
             else: