[Checkins] SVN: Zope/trunk/ Fix BBB regression which prevented setting browser ID cookies

Tres Seaver tseaver at palladion.com
Mon May 11 13:36:00 EDT 2009 

Log message for revision 99853:
  Fix BBB regression which prevented setting browser ID cookies
  
  . Browser ID managers created before the 'HTTPOnly' feature landed didn't
    have a 'cookie_httponly' attribute.  https://bugs.launchpad.net/bugs/374816
  

Changed:
  U   Zope/trunk/doc/CHANGES.rst
  U   Zope/trunk/src/Products/Sessions/BrowserIdManager.py
  U   Zope/trunk/src/Products/Sessions/tests/testBrowserIdManager.py

-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst	2009-05-11 17:29:33 UTC (rev 99852)
+++ Zope/trunk/doc/CHANGES.rst	2009-05-11 17:35:59 UTC (rev 99853)
@@ -5,9 +5,37 @@
 Change information for previous versions of Zope can be found in the
 file HISTORY.txt.
 
-Trunk (2009/05/06)
+Trunk (unreleased)
 ------------------
 
+Features Added
+++++++++++++++
+
+- zExceptions.convertExceptionType:  new API, breaking out conversion of
+  exception names to exception types from 'upgradeException'.
+
+Bugs Fixed
+++++++++++
+
+- Fix BBB regression which prevented setting browser ID cookies from
+  browser ID managers created before the 'HTTPOnly' feature landed.
+  https://bugs.launchpad.net/bugs/374816
+
+- RESPONSE.handle_errors was wrongly set (to debug, should have been
+  ``not debug``). Also, the check for exception constructor arguments
+  didn't account for exceptions that didn't override the ``__init__``
+  (which are most of them). The combination of those two problems
+  caused the ``standard_error_message`` not to be called. Fixes
+  https://bugs.launchpad.net/zope2/+bug/372632 .
+
+- DocumentTemplate.DT_Raise:  use new 'zExceptions.convertExceptionType'
+  API to allow raising non-builtin exceptions.
+  Fixes https://bugs.launchpad.net/zope2/+bug/372629 , which prevented
+  viewing the "Try" tab of a script with no parameters.
+
+Zope 2.12.0b1 (2009/05/06)
+--------------------------
+
 Restructuring
 +++++++++++++
 
@@ -23,9 +51,6 @@
 Features Added
 ++++++++++++++
 
-- zExceptions.convertExceptionType:  new API, breaking out conversion of
-  exception names to exception types from 'upgradeException'.
-
 - Extended BrowserIdManager to expose the 'HTTPOnly' attribute for its
   cookie. Also via https://bugs.launchpad.net/zope2/+bug/367393 .
 
@@ -36,18 +61,6 @@
 Bugs Fixed
 ++++++++++
 
-- RESPONSE.handle_errors was wrongly set (to debug, should have been
-  ``not debug``). Also, the check for exception constructor arguments
-  didn't account for exceptions that didn't override the ``__init__``
-  (which are most of them). The combination of those two problems
-  caused the ``standard_error_message`` not to be called. Fixes
-  https://bugs.edge.launchpad.net/zope2/+bug/372632 .
-
-- DocumentTemplate.DT_Raise:  use new 'zExceptions.convertExceptionType'
-  API to allow raising non-builtin exceptions.
-  Fixes https://bugs.launchpad.net/zope2/+bug/372629 , which prevented
-  viewing the "Try" tab of a script with no parameters.
-
 - ZPublisher response.setBody: don't append Accept-Encoding to Vary header if
   it is already present - this can make cache configuration difficult.
 

Modified: Zope/trunk/src/Products/Sessions/BrowserIdManager.py
===================================================================
--- Zope/trunk/src/Products/Sessions/BrowserIdManager.py	2009-05-11 17:29:33 UTC (rev 99852)
+++ Zope/trunk/src/Products/Sessions/BrowserIdManager.py	2009-05-11 17:35:59 UTC (rev 99853)
@@ -102,6 +102,7 @@
 
     # BBB
     auto_url_encoding = 0
+    cookie_http_only = 0
 
     def __init__(self, id, title='', idname='_ZopeId',
                  location=('cookies', 'form'), cookiepath=('/'),

Modified: Zope/trunk/src/Products/Sessions/tests/testBrowserIdManager.py
===================================================================
--- Zope/trunk/src/Products/Sessions/tests/testBrowserIdManager.py	2009-05-11 17:29:33 UTC (rev 99852)
+++ Zope/trunk/src/Products/Sessions/tests/testBrowserIdManager.py	2009-05-11 17:35:59 UTC (rev 99853)
@@ -451,6 +451,17 @@
         self.assertEqual(response.cookies['bid'],
                          {'path': '/', 'value': 'xxx', 'http_only': True})
 
+    def test__setCookie_http_only_missing_attr(self):
+        # See https://bugs.launchpad.net/bugs/374816
+        response = DummyResponse(cookies={})
+        request = DummyRequest(RESPONSE=response, URL1='https://example.com/')
+        mgr = self._makeOne(request)
+        del mgr.cookie_http_only # pre-2.12 instances didn't have this
+        mgr.setBrowserIdName('bid')
+        mgr._setCookie('xxx', request)
+        self.assertEqual(response.cookies['bid'],
+                         {'path': '/', 'value': 'xxx'})
+
     def test__setId_same_id_noop(self):
         mgr = self._makeOne(name='foo')
         mgr._setId('foo')

More information about the Checkins mailing list