"stuart 'zen' bishop" <ze-@cs.rmit.edu.au> wrote:
On Mon, 31 Jan 2000, Terry Kerr wrote:
I am having problems trying to set a cookie when the cookie is a pickled object. It appears to be a problem when the string representation of the pickled object contains carriage returns. ...setCookie seems to barf in this situation. Anyone else had problems with this and/or found workarounds?

    from base64 import decodestring, encodestring
    cookie = encodestring(pickledstuff)

And to reverse

    pickledstuff = decodestring(cookie)

Hmm... are you sure base64 is good enough? I was using base64's encoding, but then I was still running into problems. I don't remember the exact situation, but base64 was not good enough.

At the end, I had to switch to urllib, by using urllib.quote_plus() and urllib.unquote_plus(). The resulting string was bulkier, I didn't like it too much... but at least it did not fail like base64.

Hung Jung

Hung Jung Lu wrote:
Hmm... are you sure base64 is good enough? I was using base64's encoding, but then I was still running into problems. I don't remember the exact situation, but base64 was not good enough.
Indeed. base64 can produce '='s, which cookies don't like one bit.
At the end, I had to switch to urllib, by using urllib.quote_plus() and urllib.unquote_plus().
A good solution. The ideal, of course, would be to change RESPONSE.setCookie so that it automatically applies 'cookie_quote' to cookie values, and have ZPublisher 'cookie_unquote' the cookie dict. The implementation of these two methods is left as an exercise for the reader.

Cheers,
Evan @ 4-am (and soon digicool)

Hung Jung Lu wrote:
"stuart 'zen' bishop" <ze-@cs.rmit.edu.au> wrote:
On Mon, 31 Jan 2000, Terry Kerr wrote:
I am having problems trying to set a cookie when the cookie is a pickled object. It appears to be a problem when the string representation of the pickled object contains carriage returns. ...setCookie seems to barf in this situation. Anyone else had problems with this and/or found workarounds?

    from base64 import decodestring, encodestring
    cookie = encodestring(pickledstuff)

And to reverse

    pickledstuff = decodestring(cookie)

Hmm... are you sure base64 is good enough? I was using base64's encoding, but then I was still running into problems. I don't remember the exact situation, but base64 was not good enough.
At the end, I had to switch to urllib, by using urllib.quote_plus() and urllib.unquote_plus(). The resulting string was bulkier, I didn't like it too much... but at least it did not fail like base64.
Hung Jung
Umm... Yes, base64 didn't work for me, but neither did urllib.quote_plus()!! My pickled cookies have carriage returns in them, and unquoting the cookie just returns an error. The only method I have found so far is to string.replace all '\012' with "\\012".

terry

--
Terry Kerr (terry@adroitnet.com.au)
Adroit Internet Solutions PTY LTD (www.adroitnet.com.au)
(03) 9888 8522
0414 938 124

On Tue, 01 Feb 2000 10:00:12 +1100, Terry Kerr <terry@adroitnet.com.au> wrote:
I am having problems trying to set a cookie when the cookie is a pickled object.
I'm sure you know this, but you need to take care to avoid opening a security hole. The default unpickler can create an instance of _any_ class, including potentially dangerous ones.

Pickling isn't inherently unsafe, you just need to be careful when unpickling. I've included an unpickler below that will only create simple types which are all safe (as far as I can tell... no warranty.... use at your own risk... etc...)

Hope this helps,

Toby Dickenson

    import pickle
    from cStringIO import StringIO

    __version__ = "1.0"

    if pickle.format_version!="1.3":
        # Maybe the format changed, and opened a security hole
        raise 'Invalid pickle version'

    class MiniUnpickler(pickle.Unpickler):
        """An unpickler that can only handle simple types.
        """
        def refuse_to_unpickle(self):
            raise pickle.UnpicklingError, 'Refused'

        dispatch = pickle.Unpickler.dispatch.copy()
        dispatch[pickle.GLOBAL] = refuse_to_unpickle
        dispatch[pickle.OBJ] = refuse_to_unpickle
        dispatch[pickle.INST] = refuse_to_unpickle
        dispatch[pickle.REDUCE] = refuse_to_unpickle
        dispatch[pickle.BUILD] = refuse_to_unpickle

    def _should_succeed(x):
        if x != MiniUnpickler(StringIO(pickle.dumps(x,1))).load():
            raise ValueError(x)

    def _should_fail(x):
        try:
            MiniUnpickler(StringIO(pickle.dumps(x,1))).load()
            raise ValueError(x)
        except pickle.UnpicklingError, e:
            if e!='Refused': raise ValueError(x)

    class _junk_class:
        pass

    def _test():
        _should_succeed('hello')
        _should_succeed(1)
        _should_succeed(1L)
        _should_succeed(1.0)
        _should_succeed((1,2,3))
        _should_succeed([1,2,3])
        _should_succeed({1:2,3:4})
        _should_fail(open)
        _should_fail(_junk_class)
        _should_fail(_junk_class())

    if __name__=='__main__':
        _test()
        print "OK"

Toby Dickenson
tdickenson@geminidataloggers.com

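A present-day Python 3 counterpart to the unpickler in the message above, as an added example that is not part of the original thread: it refuses every class or function reference by overriding find_class, and it encodes the pickle as unpadded URL-safe base64 so the cookie value contains no newlines or '='. The names SimpleTypesUnpickler, to_cookie, from_cookie and is_refused, and the sample data, are assumptions made for this example.

```python
import base64
import collections
import io
import pickle
import re

# Characters allowed in the encoded value: URL-safe base64 without padding.
_COOKIE_SAFE = re.compile(r"[A-Za-z0-9_-]*\Z")


class SimpleTypesUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function reference."""

    def find_class(self, module, name):
        # Called whenever the pickle asks for a global (class or function);
        # refusing here leaves only built-in containers, strings and numbers.
        raise pickle.UnpicklingError("Refused: %s.%s" % (module, name))


def to_cookie(value):
    """Pickle value and return it as a string with no CR/LF, '=' or ';'."""
    raw = pickle.dumps(value, protocol=4)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def from_cookie(cookie):
    """Decode a string from to_cookie(), creating simple types only."""
    if not _COOKIE_SAFE.match(cookie):
        raise ValueError("unexpected character in cookie value")
    padded = cookie + "=" * (-len(cookie) % 4)   # restore stripped padding
    raw = base64.urlsafe_b64decode(padded)
    return SimpleTypesUnpickler(io.BytesIO(raw)).load()


def is_refused(value):
    """True if decoding the pickled value is refused (like _should_fail)."""
    try:
        from_cookie(to_cookie(value))
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data, including the newline that broke setCookie.
    sample = {"user": "terry", "note": "line1\nline2", "ids": [1, 2, 3]}
    assert from_cookie(to_cookie(sample)) == sample
    assert is_refused(len) and is_refused(collections.OrderedDict(a=1))
    print("OK")
```

The refusal limits which types a cookie can create; it does not show that the value is unchanged since it was set, because the client controls the cookie.
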
participants (4)
- Evan Simpson
- Hung Jung Lu
- Terry Kerr
- Toby Dickenson