* lib/open-uri.rb (OpenURI.open_loop): send authentication only for

  the URI directly specified.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 15 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index afcda77173..689376caaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sat Feb 12 17:29:19 2005  Tanaka Akira  <akr@m17n.org>
+
+	* lib/open-uri.rb (OpenURI.open_loop): send authentication only for
+	  the URI directly specified.
+
 Sat Feb 12 15:07:23 2005  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* random.c (rand_init): suppress warning.
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 14e397b322..83bb756bb1 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -176,6 +176,11 @@ module OpenURI
         unless OpenURI.redirectable?(uri, redirect)
           raise "redirection forbidden: #{uri} -> #{redirect}"
         end
+        if options.include? :http_basic_authentication
+          # send authentication only for the URI directly specified.
+          options = options.dup
+          options.delete :http_basic_authentication
+        end
         uri = redirect
         raise "HTTP redirection loop: #{uri}" if uri_set.include? uri.to_s
         uri_set[uri.to_s] = true
@@ -201,6 +206,11 @@ module OpenURI
       raise "Non-HTTP proxy URI: #{proxy}" if proxy.class != URI::HTTP
     end
 
+    if target.userinfo && "1.9.0" <= RUBY_VERSION
+      # don't raise for 1.8 because compatibility.
+      raise "userinfo not supported.  [RFC3986]"
+    end
+
     require 'net/http'
     klass = Net::HTTP
     if URI::HTTP === target