[Zope-Checkins] SVN: Zope/trunk/ Collector #1498: Don't choke on
malformed cookies. Cookies of the form
Florent Guillaume
fg at nuxeo.com
Fri Nov 26 13:50:12 EST 2004
Log message for revision 28527:
Collector #1498: Don't choke on malformed cookies. Cookies of the form
"foo=bar; hmm; baz=gee" will give an empty value for 'hmm' instead of
silently discarding it and the rest of the string. (Thanks to 'sirilyan'
for the patch.)
Changed:
U Zope/trunk/doc/CHANGES.txt
U Zope/trunk/lib/python/OFS/CopySupport.py
U Zope/trunk/lib/python/OFS/tests/testCopySupport.py
U Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
U Zope/trunk/lib/python/ZPublisher/tests/testHTTPRequest.py
-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt 2004-11-26 18:45:37 UTC (rev 28526)
+++ Zope/trunk/doc/CHANGES.txt 2004-11-26 18:50:11 UTC (rev 28527)
@@ -45,11 +45,16 @@
text/<foo> types
Bugs fixed
-
+
+ - Collector #1498: Don't choke on malformed cookies. Cookies of
+ the form "foo=bar; hmm; baz=gee" will give an empty value for
+ 'hmm' instead of silently discarding it and the rest of the
+ string. (Thanks to 'sirilyan' for the patch.)
+
- bin/zopectl test now uses os.execv, instead os os.system,
so that options with characters that needs shell quoting
doesn't break the command.
-
+
- Collector #945: Allow adding empty PythonScript instances
programmatically.
Modified: Zope/trunk/lib/python/OFS/CopySupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/CopySupport.py 2004-11-26 18:45:37 UTC (rev 28526)
+++ Zope/trunk/lib/python/OFS/CopySupport.py 2004-11-26 18:50:11 UTC (rev 28527)
@@ -14,7 +14,7 @@
$Id$
"""
-import re, sys, Globals, Moniker, tempfile, ExtensionClass
+import re, sys, Globals, Moniker, tempfile, ExtensionClass
from marshal import loads, dumps
from urllib import quote, unquote
from zlib import compress, decompress
@@ -29,6 +29,8 @@
CopyError='Copy Error'
+copy_re = re.compile('^copy([0-9]*)_of_(.*)')
+
_marker=[]
class CopyContainer(ExtensionClass.Base):
"""Interface for containerish objects which allow cut/copy/paste"""
@@ -113,19 +115,17 @@
return self.manage_main(self, REQUEST)
return cp
- copy_re=re.compile('^copy[0-9]*_of_')
-
def _get_id(self, id):
# Allow containers to override the generation of
# object copy id by attempting to call its _get_id
# method, if it exists.
- copy_match=self.copy_re.match(id)
- if (copy_match) and (copy_match.end() < len(id)):
- n=1
- orig_id=self.copy_re.sub('', id)
+ match = copy_re.match(id)
+ if match:
+ n = int(match.group(1) or '1')
+ orig_id = match.group(2)
else:
- n=0
- orig_id=id
+ n = 0
+ orig_id = id
while 1:
if self._getOb(id, None) is None:
return id
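Review bot: `_get_id` now reads the module-level `copy_re` and the class attribute `copy_re` is removed, so a subclass that overrode `copy_re` is silently ignored and code reading `CopyContainer.copy_re` breaks; whether any such code exists is not visible here. The new pattern also drops the old `copy_match.end() < len(id)` guard, so an id of exactly `copy_of_` is now treated as a copy of the empty id, which `testPasteSpecialName` pins. A short comment next to the pattern would help, e.g. `# group(1): copy number ('' for the first copy), group(2): original id`. The `while 1:` loop continues past the end of this hunk.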
Modified: Zope/trunk/lib/python/OFS/tests/testCopySupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/tests/testCopySupport.py 2004-11-26 18:45:37 UTC (rev 28526)
+++ Zope/trunk/lib/python/OFS/tests/testCopySupport.py 2004-11-26 18:50:11 UTC (rev 28527)
@@ -183,6 +183,43 @@
self.failUnless( 'copy_of_file' in self.folder2.objectIds() )
self.failUnless( result == [{'id':'file', 'new_id':'copy_of_file'}])
+ def testPasteSingleSameIDMultipleTimes(self):
+ cookie = self.folder1.manage_copyObjects(ids=('file',))
+ result = self.folder1.manage_pasteObjects(cookie)
+ self.assertEqual(self.folder1.objectIds(), ['file', 'copy_of_file'])
+ self.assertEqual(result, [{'id':'file', 'new_id':'copy_of_file'}])
+ # make another copy of file
+ cookie = self.folder1.manage_copyObjects(ids=('file',))
+ result = self.folder1.manage_pasteObjects(cookie)
+ self.assertEqual(self.folder1.objectIds(),
+ ['file', 'copy_of_file', 'copy2_of_file'])
+ self.assertEqual(result, [{'id':'file', 'new_id':'copy2_of_file'}])
+ # now copy the copy
+ cookie = self.folder1.manage_copyObjects(ids=('copy_of_file',))
+ result = self.folder1.manage_pasteObjects(cookie)
+ self.assertEqual(self.folder1.objectIds(),
+ ['file', 'copy_of_file', 'copy2_of_file',
+ 'copy3_of_file'])
+ self.assertEqual(result, [{'id':'copy_of_file',
+ 'new_id':'copy3_of_file'}])
+ # or copy another copy
+ cookie = self.folder1.manage_copyObjects(ids=('copy2_of_file',))
+ result = self.folder1.manage_pasteObjects(cookie)
+ self.assertEqual(self.folder1.objectIds(),
+ ['file', 'copy_of_file', 'copy2_of_file',
+ 'copy3_of_file', 'copy4_of_file'])
+ self.assertEqual(result, [{'id':'copy2_of_file',
+ 'new_id':'copy4_of_file'}])
+
+ def testPasteSpecialName(self):
+ manage_addFile(self.folder1, 'copy_of_',
+ file='', content_type='text/plain')
+ cookie = self.folder1.manage_copyObjects(ids=('copy_of_',))
+ result = self.folder1.manage_pasteObjects(cookie)
+ self.assertEqual(self.folder1.objectIds(),
+ ['file', 'copy_of_', 'copy2_of_'])
+ self.assertEqual(result, [{'id':'copy_of_', 'new_id':'copy2_of_'}])
+
def testPasteMultiNotSameID( self ):
self.failUnless( 'file' in self.folder1.objectIds() )
self.failIf( 'file1' in self.folder1.objectIds() )
Modified: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/HTTPRequest.py 2004-11-26 18:45:37 UTC (rev 28526)
+++ Zope/trunk/lib/python/ZPublisher/HTTPRequest.py 2004-11-26 18:50:11 UTC (rev 28527)
@@ -1438,6 +1438,8 @@
'([\x00- ]*([^\x00- ;,="]+)="([^"]*)"([\x00- ]*[;,])?[\x00- ]*)'),
parmre=re.compile(
'([\x00- ]*([^\x00- ;,="]+)=([^\x00- ;,"]*)([\x00- ]*[;,])?[\x00- ]*)'),
+ paramlessre=re.compile(
+ '([\x00- ]*([^\x00- ;,="]+)[\x00- ]*[;,][\x00- ]*)'),
acquire=parse_cookie_lock.acquire,
release=parse_cookie_lock.release,
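Review bot: `paramlessre` requires a trailing `;` or `,`, whereas the separator group in `parmre` just above it is optional, so a valueless token at the end of the header (`foo=bar; hmm`) still matches none of the patterns and is dropped instead of being stored as `''`. If that case should behave like the mid-string one, the separator could be made optional, `'([\x00- ]*([^\x00- ;,="]+)([\x00- ]*[;,])?[\x00- ]*)'`. That form would also accept a bare word followed only by whitespace, so it needs its own test. `testCookieParsing` covers the valueless token only in the middle of the string. The enclosing function's signature and body start outside this hunk.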
@@ -1469,8 +1471,16 @@
value = mo_p.group(3)
else:
- return result
+ # Broken Cookie without = nor value.
+ broken_p = paramlessre.match(text)
+ if broken_p:
+ l = len(broken_p.group(1))
+ name = broken_p.group(2)
+ value = ''
+ else:
+ return result
+
finally: release()
if not already_have(name): result[name]=value
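Review bot: The new fallback branch changes which cookies the request accepts, and the comment `# Broken Cookie without = nor value.` does not say so. Parsing now continues past a valueless token, so pairs that follow it are stored where they were previously discarded. Because `if not already_have(name)` appears to keep the first value seen for a name, a duplicate that follows the malformed token is ignored, which is worth stating in case a front-end proxy or filter parses the same header differently. I would expand the comment to something like `# Valueless token (Collector #1498): store '' and keep parsing; other malformed forms still end parsing here.` The `try` that this `finally` closes begins outside the hunk.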
Modified: Zope/trunk/lib/python/ZPublisher/tests/testHTTPRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/tests/testHTTPRequest.py 2004-11-26 18:45:37 UTC (rev 28526)
+++ Zope/trunk/lib/python/ZPublisher/tests/testHTTPRequest.py 2004-11-26 18:50:11 UTC (rev 28527)
@@ -564,7 +564,26 @@
self._noTaintedValues(req)
self._onlyTaintedformHoldsTaintedStrings(req)
+ def testCookieParsing(self):
+ env = {'SERVER_NAME': 'testingharnas', 'SERVER_PORT': '80'}
+ env['HTTP_COOKIE'] = 'foo=bar; baz=gee'
+ req = self._getHTTPRequest(env)
+ self.assertEquals(req.cookies['foo'], 'bar')
+ self.assertEquals(req.cookies['baz'], 'gee')
+
+ env['HTTP_COOKIE'] = 'foo=bar; baz="gee, like, e=mc^2"'
+ req = self._getHTTPRequest(env)
+ self.assertEquals(req.cookies['foo'], 'bar')
+ self.assertEquals(req.cookies['baz'], 'gee, like, e=mc^2')
+
+ # Collector #1498: empty cookies
+ env['HTTP_COOKIE'] = 'foo=bar; hmm; baz=gee'
+ req = self._getHTTPRequest(env)
+ self.assertEquals(req.cookies['foo'], 'bar')
+ self.assertEquals(req.cookies['hmm'], '')
+ self.assertEquals(req.cookies['baz'], 'gee')
+
TEST_ENVIRON = {
'CONTENT_TYPE': 'multipart/form-data; boundary=12345',
'REQUEST_METHOD': 'POST',