[Python-checkins] r81465 - in python/trunk: Lib/cookielib.py Lib/test/test_cookielib.py Misc/NEWS

georg.brandl python-checkins at python.org
Sat May 22 13:29:19 CEST 2010


Author: georg.brandl
Date: Sat May 22 13:29:19 2010
New Revision: 81465

Log:
Issue #3924: Ignore cookies with invalid "version" field in cookielib.


Modified:
   python/trunk/Lib/cookielib.py
   python/trunk/Lib/test/test_cookielib.py
   python/trunk/Misc/NEWS

Modified: python/trunk/Lib/cookielib.py
==============================================================================
--- python/trunk/Lib/cookielib.py	(original)
+++ python/trunk/Lib/cookielib.py	Sat May 22 13:29:19 2010
@@ -434,6 +434,13 @@
         if attr: headers.append("; ".join(attr))
     return ", ".join(headers)
 
+def strip_quotes(text):
+    if text.startswith('"'):
+        text = text[1:]
+    if text.endswith('"'):
+        text = text[:-1]
+    return text
+
 def parse_ns_headers(ns_headers):
     """Ad-hoc parser for Netscape protocol cookie-attributes.
 
@@ -451,7 +458,7 @@
     """
     known_attrs = ("expires", "domain", "path", "secure",
                    # RFC 2109 attrs (may turn up in Netscape cookies, too)
-                   "port", "max-age")
+                   "version", "port", "max-age")
 
     result = []
     for ns_header in ns_headers:
@@ -471,12 +478,11 @@
                     k = lc
                 if k == "version":
                     # This is an RFC 2109 cookie.
+                    v = strip_quotes(v)
                     version_set = True
                 if k == "expires":
                     # convert expires date to seconds since epoch
-                    if v.startswith('"'): v = v[1:]
-                    if v.endswith('"'): v = v[:-1]
-                    v = http2time(v)  # None if invalid
+                    v = http2time(strip_quotes(v))  # None if invalid
             pairs.append((k, v))
 
         if pairs:
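Review bot: The new `v = strip_quotes(v)` call in the `version` branch raises AttributeError if `v` is None, because strip_quotes (added in the first hunk) calls `text.startswith` unconditionally. The assignment of `v` lies outside this hunk, so this matters only if a value-less attribute such as a bare `; version` leaves `v` as None there; the `expires` branch had the same exposure before this change. These headers are supplied by the remote server, so a guard is cheap: `if v is not None: v = strip_quotes(v)`. Separately, strip_quotes has no docstring and strips a leading and a trailing quote independently, so an unbalanced `"1` becomes `1`; a one-line docstring saying so would make that behaviour deliberate.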
@@ -1450,7 +1456,11 @@
 
         # set the easy defaults
         version = standard.get("version", None)
-        if version is not None: version = int(version)
+        if version is not None:
+            try:
+                version = int(version)
+            except ValueError:
+                return None  # invalid version, ignore cookie
         secure = standard.get("secure", False)
         # (discard is also set if expires is Absent)
         discard = standard.get("discard", False)
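Review bot: The added `except ValueError` rejects non-numeric versions, but `int()` still accepts strings such as `-1` or `99`, so a cookie whose version is numeric yet meaningless is still constructed from server-controlled input. Whether later policy code rejects such values is not visible on this page, since the enclosing function starts and ends outside the hunk. If it does not, a range check after the conversion would close the gap, for example `if version < 0: return None`. The early return is also silent, so a short comment or a debug message naming the rejected value would help anyone diagnosing why a cookie was dropped.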

Modified: python/trunk/Lib/test/test_cookielib.py
==============================================================================
--- python/trunk/Lib/test/test_cookielib.py	(original)
+++ python/trunk/Lib/test/test_cookielib.py	Sat May 22 13:29:19 2010
@@ -99,7 +99,8 @@
 
 
 class HeaderTests(TestCase):
-    def test_parse_ns_headers(self):
+
+    def test_parse_ns_headers_expires(self):
         from cookielib import parse_ns_headers
 
         # quotes should be stripped
@@ -110,6 +111,17 @@
             ]:
             self.assertEquals(parse_ns_headers([hdr]), expected)
 
+    def test_parse_ns_headers_version(self):
+        from cookielib import parse_ns_headers
+
+        # quotes should be stripped
+        expected = [[('foo', 'bar'), ('version', '1')]]
+        for hdr in [
+            'foo=bar; version="1"',
+            'foo=bar; Version="1"',
+            ]:
+            self.assertEquals(parse_ns_headers([hdr]), expected)
+
     def test_parse_ns_headers_special_names(self):
         # names such as 'expires' are not special in first name=value pair
         # of Set-Cookie: header
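Review bot: Both headers in `test_parse_ns_headers_version` carry a quoted value, so the test pins only the path where strip_quotes removes a balanced pair. Adding `'foo=bar; version=1'` to the list would confirm the unquoted form yields the same `expected`. A separate case for a bare `version` attribute with no value would pin what the parser does with a missing value, which is the input most likely to surprise the new `strip_quotes(v)` call.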
@@ -1091,6 +1103,8 @@
             ["Set-Cookie2: a=foo; path=/; Version=1; domain"],
             # bad max-age
             ["Set-Cookie: b=foo; max-age=oops"],
+            # bad version
+            ["Set-Cookie: b=foo; version=spam"],
             ]:
             c = cookiejar_from_cookie_headers(headers)
             # these bad cookies shouldn't be set

Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS	(original)
+++ python/trunk/Misc/NEWS	Sat May 22 13:29:19 2010
@@ -29,6 +29,8 @@
 Library
 -------
 
+- Issue #3924: Ignore cookies with invalid "version" field in cookielib.
+
 - Issue #6268: Fix seek() method of codecs.open(), don't read the BOM twice
   after seek(0)
 

