From 60251523dad2baca78224eacf0208ac1c7537efe Mon Sep 17 00:00:00 2001
From: L2501
Date: Sat, 9 Dec 2023 08:14:59 +0000
Subject: [PATCH] [script.module.urllib3] 1.26.18
---
script.module.urllib3/addon.xml | 4 ++--
.../lib/urllib3/_collections.py | 18 ++++++++++++++++
script.module.urllib3/lib/urllib3/_version.py | 2 +-
.../lib/urllib3/connectionpool.py | 5 +++++
.../lib/urllib3/contrib/securetransport.py | 3 +--
.../lib/urllib3/poolmanager.py | 7 +++++--
script.module.urllib3/lib/urllib3/request.py | 21 +++++++++++++++++++
.../lib/urllib3/util/retry.py | 2 +-
8 files changed, 54 insertions(+), 8 deletions(-)
diff --git a/script.module.urllib3/addon.xml b/script.module.urllib3/addon.xml
index 41a910ad8..f3963e081 100644
--- a/script.module.urllib3/addon.xml
+++ b/script.module.urllib3/addon.xml
@@ -1,7 +1,7 @@ - + - +
diff --git a/script.module.urllib3/lib/urllib3/_collections.py b/script.module.urllib3/lib/urllib3/_collections.py
index da9857e98..bceb8451f 100644
--- a/script.module.urllib3/lib/urllib3/_collections.py
+++ b/script.module.urllib3/lib/urllib3/_collections.py
@@ -268,6 +268,24 @@ def getlist(self, key, default=__marker): else: return vals[1:] + def _prepare_for_method_change(self): + """ + Remove content-specific header fields before changing the request + method to GET or HEAD according to RFC 9110, Section 15.4. + """ + content_specific_headers = [ + "Content-Encoding", + "Content-Language", + "Content-Location", + "Content-Type", + "Content-Length", + "Digest", + "Last-Modified", + ] + for header in content_specific_headers: + self.discard(header) + return self + # Backwards compatibility for httplib getheaders = getlist getallmatchingheaders = getlist
diff --git a/script.module.urllib3/lib/urllib3/_version.py b/script.module.urllib3/lib/urllib3/_version.py
index d69ca3145..85e725eaf 100644
--- a/script.module.urllib3/lib/urllib3/_version.py
+++ b/script.module.urllib3/lib/urllib3/_version.py
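Review bot: `_prepare_for_method_change` in `_collections.py` mutates the header dict in place (`self.discard(header)`) and returns `self`, but its docstring mentions neither. A caller that invokes it on a header object it still needs would silently lose those fields; the two call sites in this patch avoid that only because they build a new `HTTPHeaderDict(...)` from the value first, which presumably copies it. I would add a docstring sentence such as `Mutates this instance and returns it; call it on a copy if the original headers must be kept.` The enclosing class starts and ends outside the hunk.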
@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.16"
+__version__ = "1.26.18"
diff --git a/script.module.urllib3/lib/urllib3/connectionpool.py b/script.module.urllib3/lib/urllib3/connectionpool.py
index 96844d933..5a6adcbdc 100644
--- a/script.module.urllib3/lib/urllib3/connectionpool.py
+++ b/script.module.urllib3/lib/urllib3/connectionpool.py
@@ -9,6 +9,7 @@ from socket import error as SocketError from socket import timeout as SocketTimeout +from ._collections import HTTPHeaderDict from .connection import ( BaseSSLError, BrokenPipeError,
@@ -843,7 +844,11 @@ def _is_ssl_error_message_from_http_proxy(ssl_error): redirect_location = redirect and response.get_redirect_location() if redirect_location: if response.status == 303: + # Change the method according to RFC 9110, Section 15.4.4. method = "GET" + # And lose the body not to transfer anything sensitive. + body = None + headers = HTTPHeaderDict(headers)._prepare_for_method_change() try: retries = retries.increment(method, url, response=response, _pool=self)
diff --git a/script.module.urllib3/lib/urllib3/contrib/securetransport.py b/script.module.urllib3/lib/urllib3/contrib/securetransport.py
index 6c46a3b9f..e311c0c89 100644
--- a/script.module.urllib3/lib/urllib3/contrib/securetransport.py
+++ b/script.module.urllib3/lib/urllib3/contrib/securetransport.py
@@ -64,9 +64,8 @@ import threading import weakref -import six - from .. import util +from ..packages import six from ..util.ssl_ import PROTOCOL_TLS_CLIENT from ._securetransport.bindings import CoreFoundation, Security, SecurityConst from ._securetransport.low_level import (
diff --git a/script.module.urllib3/lib/urllib3/poolmanager.py b/script.module.urllib3/lib/urllib3/poolmanager.py
index 14b10daf3..fb51bf7d9 100644
--- a/script.module.urllib3/lib/urllib3/poolmanager.py
+++ b/script.module.urllib3/lib/urllib3/poolmanager.py
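Review bot: In the `connectionpool.py` redirect hunk, `body = None` and the content-header stripping sit inside `if response.status == 303:`, so as far as these lines show a redirect with any other status still reaches `retries.increment(...)` with the original body and content headers. That matches the method-preserving meaning of the other redirect codes, but the new comment `# And lose the body not to transfer anything sensitive.` reads like a general guarantee; I would reword it to `# Drop the body: a 303 turns the request into a GET, so the original payload must not follow the redirect.` and document that callers who cannot accept a body being re-sent on other redirect statuses should pass `redirect=False` and handle the redirect themselves. The same applies to the matching `kw["body"] = None` hunk in `poolmanager.py`. The enclosing function begins and ends outside the hunk.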
@@ -4,7 +4,7 @@ import functools import logging -from ._collections import RecentlyUsedContainer +from ._collections import HTTPHeaderDict, RecentlyUsedContainer from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, port_by_scheme from .exceptions import ( LocationValueError,
@@ -382,9 +382,12 @@ def urlopen(self, method, url, redirect=True, **kw): # Support relative URLs for redirecting. redirect_location = urljoin(url, redirect_location) - # RFC 7231, Section 6.4.4 if response.status == 303: + # Change the method according to RFC 9110, Section 15.4.4. method = "GET" + # And lose the body not to transfer anything sensitive. + kw["body"] = None + kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change() retries = kw.get("retries") if not isinstance(retries, Retry):
diff --git a/script.module.urllib3/lib/urllib3/request.py b/script.module.urllib3/lib/urllib3/request.py
index 398386a5b..3b4cf9992 100644
--- a/script.module.urllib3/lib/urllib3/request.py
+++ b/script.module.urllib3/lib/urllib3/request.py
@@ -1,6 +1,9 @@ from __future__ import absolute_import +import sys + from .filepost import encode_multipart_formdata +from .packages import six from .packages.six.moves.urllib.parse import urlencode __all__ = ["RequestMethods"]
@@ -168,3 +171,21 @@ def request_encode_body( extra_kw.update(urlopen_kw) return self.urlopen(method, url, **extra_kw) + + +if not six.PY2: + + class RequestModule(sys.modules[__name__].__class__): + def __call__(self, *args, **kwargs): + """ + If user tries to call this module directly urllib3 v2.x style raise an error to the user + suggesting they may need urllib3 v2 + """ + raise TypeError( + "'module' object is not callable\n" + "urllib3.request() method is not supported in this release, " + "upgrade to urllib3 v2 to use it\n" + "see https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html" + ) + + sys.modules[__name__].__class__ = RequestModule
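Review bot: The `if not six.PY2:` guard around `RequestModule` at the end of `request.py` has no comment saying why the shim is skipped on Python 2. Reassigning a module's `__class__` is only supported from Python 3.5 on, so I would add `# Module __class__ assignment needs Python 3.5+; Python 2 keeps the plain module.` above the guard. The `__call__` docstring could also be tightened to one imperative line, for example `Raise TypeError pointing callers of the v2-style urllib3.request() to the migration guide.`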
diff --git a/script.module.urllib3/lib/urllib3/util/retry.py b/script.module.urllib3/lib/urllib3/util/retry.py
index 2490d5e5b..60ef6c4f3 100644
--- a/script.module.urllib3/lib/urllib3/util/retry.py
+++ b/script.module.urllib3/lib/urllib3/util/retry.py
@@ -235,7 +235,7 @@ class Retry(object): RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) #: Default headers to be used for ``remove_headers_on_redirect`` - DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"]) + DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) #: Maximum backoff time. DEFAULT_BACKOFF_MAX = 120
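Review bot: `DEFAULT_REMOVE_HEADERS_ON_REDIRECT` now covers `Cookie` and `Authorization`, but other credential-bearing request headers such as `Proxy-Authorization` or application-specific API-key headers are still forwarded on redirect unless the caller lists them. Because this is only the default for `remove_headers_on_redirect`, a caller that already passes its own value (for example just `["Authorization"]`) presumably replaces the set and would not pick up the new `Cookie` entry. I would say so in the `#:` comment, e.g. `#: Default headers to be used for ``remove_headers_on_redirect``; a caller-supplied value replaces this set rather than extending it.` The `Retry` class body continues outside the hunk.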