[Zope-Checkins] CVS: Packages/ZPublisher - HTTPRequest.py:1.90.2.8
Florent Guillaume
fg at nuxeo.com
Fri Nov 26 13:46:21 EST 2004
Update of /cvs-repository/Packages/ZPublisher
In directory cvs.zope.org:/tmp/cvs-serv30896/lib/python/ZPublisher
Modified Files:
Tag: Zope-2_7-branch
HTTPRequest.py
Log Message:
Collector #1498: Don't choke on malformed cookies. Cookies of the form
"foo=bar; hmm; baz=gee" will give an empty value for 'hmm' instead of
silently discarding it and the rest of the string. (Thanks to 'sirilyan'
for the patch.)
=== Packages/ZPublisher/HTTPRequest.py 1.90.2.7 => 1.90.2.8 ===
--- Packages/ZPublisher/HTTPRequest.py:1.90.2.7 Mon Nov 8 01:49:18 2004
+++ Packages/ZPublisher/HTTPRequest.py Fri Nov 26 13:45:50 2004
@@ -1440,6 +1440,8 @@
'([\x00- ]*([^\x00- ;,="]+)="([^"]*)"([\x00- ]*[;,])?[\x00- ]*)'),
parmre=re.compile(
'([\x00- ]*([^\x00- ;,="]+)=([^\x00- ;,"]*)([\x00- ]*[;,])?[\x00- ]*)'),
+ paramlessre=re.compile(
+ '([\x00- ]*([^\x00- ;,="]+)[\x00- ]*[;,][\x00- ]*)'),
acquire=parse_cookie_lock.acquire,
release=parse_cookie_lock.release,
@@ -1471,7 +1473,15 @@
value = mo_p.group(3)
else:
- return result
+ # Broken Cookie without = nor value.
+ broken_p = paramlessre.match(text)
+ if broken_p:
+ l = len(broken_p.group(1))
+ name = broken_p.group(2)
+ value = ''
+
+ else:
+ return result
finally: release()
More information about the Zope-Checkins
mailing list