[Python-checkins] cpython (3.2): allow square brackets in cookie values (closes #22931)

[benjamin.peterson]

https://hg.python.org/cpython/rev/710cdba13323
changeset:   96230:710cdba13323
branch:      3.2
parent:      95786:91096d27c802
user:        Benjamin Peterson <benjamin at python.org>
date:        Sat May 23 10:36:48 2015 -0500
summary:
  allow square brackets in cookie values (closes #22931)

files:
  Lib/http/cookies.py           |   7 ++++---
  Lib/test/test_http_cookies.py |  14 ++++++++++++++
  Misc/NEWS                     |   5 +++++
  3 files changed, 23 insertions(+), 3 deletions(-)


diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -429,12 +429,13 @@
 # result, the parsing rules here are less strict.
 #
 
-_LegalCharsPatt  = r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"
+_LegalKeyChars  = r"\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\="
+_LegalValueChars = _LegalKeyChars + '\[\]'
 _CookiePattern = re.compile(r"""
     (?x)                           # This is a verbose pattern
     \s*                            # Optional whitespace at start of cookie
     (?P<key>                       # Start of group 'key'
-    """ + _LegalCharsPatt + r"""+?   # Any word of at least one letter
+    [""" + _LegalKeyChars + r"""]+?   # Any word of at least one letter
     )                              # End of group 'key'
     \s*=\s*                        # Equal Sign
     (?P<val>                       # Start of group 'val'
@@ -442,7 +443,7 @@
     |                                # or
     \w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT  # Special case for "expires" attr
     |                                # or
-    """ + _LegalCharsPatt + r"""*    # Any word or empty string
+    [""" + _LegalValueChars + r"""]*    # Any word or empty string
     )                              # End of group 'val'
     \s*;?                          # Probably ending in a semi-colon
     """, re.ASCII)                 # May be removed if safe.
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -34,6 +34,20 @@
              'dict': {'keebler' : 'E=mc2'},
              'repr': "<SimpleCookie: keebler='E=mc2'>",
              'output': 'Set-Cookie: keebler=E=mc2'},
+
+            # issue22931 - Adding '[' and ']' as valid characters in cookie
+            # values as defined in RFC 6265
+            {
+                'data': 'a=b; c=[; d=r; f=h',
+                'dict': {'a':'b', 'c':'[', 'd':'r', 'f':'h'},
+                'repr': "<SimpleCookie: a='b' c='[' d='r' f='h'>",
+                'output': '\n'.join((
+                    'Set-Cookie: a=b',
+                    'Set-Cookie: c=[',
+                    'Set-Cookie: d=r',
+                    'Set-Cookie: f=h'
+                ))
+            }
         ]
 
         for case in cases:
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,11 @@
 - Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV.  Analysis
   and fix by Guido Vranken.
 
+Library
+-------
+
+- Issue #22931: Allow '[' and ']' in cookie values.
+
 
 What's New in Python 3.2.6?
 ===========================

-- 
Repository URL: https://hg.python.org/cpython