[Zope-dev] Re: Five: Feature freeze and release fest tomorrow

[Florent Guillaume]

Brian Sutherland wrote:
> On Wed, May 03, 2006 at 01:32:49AM +0200, Daniel Nouri wrote:
>> So, after talking to philiKON and jinty on IRC, I wrote this rather
>> kludgy test that shows that there's a problem with the current
>> implementation of testbrowser in Five and cookies.
>>
>> Attached is a patch that contains both the test and the fix.  Note that
>> I couldn't find the time to write a test for Zope 3 that would show that
>> the Zope 3 setup does *not* eat away your cookies.  jinty suggested I
>> should do that, but I think the included test makes things clear enough.
> 
> I just wanted an example of what Zope3 does, but was too lazy to find
> one myself. But yeah, your test makes it absolutely clear to me that
> this is a bug we need to fix. I'll commit your patch (or something like
> it) to the trunk and Five 1.4 branches.
> 
> Sometimes it's easier to understand tests than patches or english.
> 
>> +      >>> response = self.publish('/test_folder_1_')
>> +      >>> print str(response) # doctest: +ELLIPSIS
>> +      Status: 200 OK
>> +      X-Powered-By: Zope (www.zope.org), Python (www.python.org)
>> +      Content-Length: 0
>> +      Set-Cookie: evil="cookie"
> 
> Interesting, Zope3 does not put quotes around cookie values, but Zope2
> always does. I wonder which is right?

Zope 2 was wrong (and it's been reported a number of time that it sometimes 
prevent interoperability with other systems) but changing it would break too 
much Zope 3 apps.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com