[Zope] cgi_module_publish cookie prsing errors?

Ty Sarna tsarna@endicor.com
2 Apr 1999 17:47:37 GMT


In article <19990330123523.28633@connect.com.au>,
Evan Gibson  <egibson@connect.com.au> wrote:
> This wouldn't be a problem, but since the cookies are returned to Principia
> in the form:
> 
> MC1=GUID=083F5B8E21DE11D28B2C08002BB74F3F
> 
> parse_cookie breaks since it looks for key value pairs WITHOUT an equals
> sign on either side. The extra = really confuses it.

You can make a case that this is legal according to the cookie spec:

    "NAME=VALUE
	This string is a sequence of characters excluding semi-colon, comma
	and white space. If there is a need to place such data in the
	name or value, some encoding method such as URL style %XX encoding
	is recommended, though no encoding is defined or required."

On the one hand, it implies that there should be only one equals sign.
On the other hand, it explicity lists forbidden characters that must be
encoded, and equals isn't included. In the spirit of "be conservative in
what you send, be liberal in what you accept", I think Zope should parse
these. Please submit your patch to Collector if you haven't already.