diff --git a/Lib/Cookie.py b/Lib/Cookie.py index 452d4e3c75c..5fbbf945181 100644 --- a/Lib/Cookie.py +++ b/Lib/Cookie.py @@ -426,6 +426,8 @@ class Morsel(dict): "version" : "Version", } + _flags = {'secure', 'httponly'} + def __init__(self): # Set defaults self.key = self.value = self.coded_value = None @@ -532,6 +534,7 @@ _CookiePattern = re.compile( r"(?P" # Start of group 'key' ""+ _LegalCharsPatt +"+?" # Any word of at least one letter, nongreedy r")" # End of group 'key' + r"(" # Optional group: there may not be a value. r"\s*=\s*" # Equal Sign r"(?P" # Start of group 'val' r'"(?:[^\\"]|\\.)*"' # Any doublequoted string @@ -540,7 +543,9 @@ _CookiePattern = re.compile( r"|" # or ""+ _LegalCharsPatt +"*" # Any word or empty string r")" # End of group 'val' - r"\s*;?" # Probably ending in a semi-colon + r")?" # End of optional value group + r"\s*" # Any number of spaces. + r"(\s+|;|$)" # Ending either at space, semicolon, or EOS. ) @@ -656,8 +661,12 @@ class BaseCookie(dict): M[ K[1:] ] = V elif K.lower() in Morsel._reserved: if M: - M[ K ] = _unquote(V) - else: + if V is None: + if K.lower() in Morsel._flags: + M[K] = True + else: + M[K] = _unquote(V) + elif V is not None: rval, cval = self.value_decode(V) self.__set(K, rval, cval) M = self[K] diff --git a/Lib/test/test_cookie.py b/Lib/test/test_cookie.py index 816133e4972..5370a8de2b5 100644 --- a/Lib/test/test_cookie.py +++ b/Lib/test/test_cookie.py @@ -80,6 +80,51 @@ class CookieTests(unittest.TestCase): self.assertEqual(C.output(['val']), 'Set-Cookie: val="some\\054funky\\073stuff"') + def test_set_secure_httponly_attrs(self): + C = Cookie.SimpleCookie('Customer="WILE_E_COYOTE"') + C['Customer']['secure'] = True + C['Customer']['httponly'] = True + self.assertEqual(C.output(), + 'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure') + + def test_secure_httponly_false_if_not_present(self): + C = Cookie.SimpleCookie() + C.load('eggs=scrambled; Path=/bacon') + self.assertFalse(C['eggs']['httponly']) + self.assertFalse(C['eggs']['secure']) + + def test_secure_httponly_true_if_present(self): + # Issue 16611 + C = Cookie.SimpleCookie() + C.load('eggs=scrambled; httponly; secure; Path=/bacon') + self.assertTrue(C['eggs']['httponly']) + self.assertTrue(C['eggs']['secure']) + + def test_secure_httponly_true_if_have_value(self): + # This isn't really valid, but demonstrates what the current code + # is expected to do in this case. + C = Cookie.SimpleCookie() + C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon') + self.assertTrue(C['eggs']['httponly']) + self.assertTrue(C['eggs']['secure']) + # Here is what it actually does; don't depend on this behavior. These + # checks are testing backward compatibility for issue 16611. + self.assertEqual(C['eggs']['httponly'], 'foo') + self.assertEqual(C['eggs']['secure'], 'bar') + + def test_bad_attrs(self): + # Issue 16611: make sure we don't break backward compatibility. + C = Cookie.SimpleCookie() + C.load('cookie=with; invalid; version; second=cookie;') + self.assertEqual(C.output(), + 'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie') + + def test_extra_spaces(self): + C = Cookie.SimpleCookie() + C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ') + self.assertEqual(C.output(), + 'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo') + def test_quoted_meta(self): # Try cookie with quoted meta-data C = Cookie.SimpleCookie() diff --git a/Misc/NEWS b/Misc/NEWS index 40862a0a418..ddd2e0b5488 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -13,6 +13,9 @@ Core and Builtins Library ------- +- Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags. + Backport of issue #16611. + What's New in Python 2.7.8? ===========================