Berker Peksag
d5a2377c3d
bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
2018-04-23 02:48:11 +03:00
Alex Gaynor
afbbac12a5
Removed a confusing line from a docstring in http.cookies (GH-6482)
...
There's no reason a cookie should _ever_ contain pickled data. That's just asking for a critical security vulnerability. Back in Python2 there were helpers for doing that, but they're no more in Python3. Now coded_value is used when the value needs to be encoded for any reason.
2018-04-15 17:23:47 -04:00
Alex Gaynor
c87eb09d2e
bpo-29613: Added support for SameSite cookies (GH-6413)
...
* bpo-29613: Added support for SameSite cookies
Implemented as per draft
https://tools.ietf.org/html/draft-west-first-party-cookies-07
* Documented SameSite
And suggestions by members.
* Missing space :(
* Updated News and contributors
* Added version changed details.
* Fix in documentation
* fix in documentation
* Clubbed test cases for same attribute into single.
* Updates
* Style nits + expand tests
* review feedback
2018-04-07 16:09:42 -04:00
Serhiy Storchaka
cc283378d6
Issue #29192 : Removed deprecated features in the http.cookies module.
2017-01-13 09:23:15 +02:00
Serhiy Storchaka
bd48d27944
Issue #22493 : Inline flags now should be used only at the start of the
...
regular expression. Deprecation warning is emitted if uses them in the
middle of the regular expression.
2016-09-11 12:50:02 +03:00
R David Murray
44b548dda8
#27364 : fix "incorrect" uses of escape character in the stdlib.
...
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Martin Panter
46f50726a0
Issue #27076 : Doc, comment and tests spelling fixes
...
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Anish Shah
102d813b55
Issue #26302 : Correctly identify comma as an invalid character for a cookie (correcting regression in Python 3.5).
2016-02-07 05:36:00 +05:00
Benjamin Peterson
5a69420062
merge 3.4 ( #22931 )
2015-05-23 10:41:30 -05:00
Benjamin Peterson
c4ae86e477
merge 3.3 ( #22931 )
2015-05-23 10:40:47 -05:00
Benjamin Peterson
d504f20e1c
merge 3.2 ( #22931 )
2015-05-23 10:38:48 -05:00
Benjamin Peterson
9bd476ea57
allow square brackets in cookie values ( closes #22931 )
2015-05-23 10:36:48 -05:00
R David Murray
1813c1701f
#2211 : properly document the Morsel behavior changes.
...
Also deprecate the undocumented set argument instead of removing
it already in 3.5.
Initial patch by Demian Brecht.
2015-03-29 17:09:21 -04:00
Serhiy Storchaka
6c32585f67
Restored backward compatibility of pickling http.cookies.Morsel. It was
...
broken after converting instance attributes to properies in issue #2211 .
2015-03-18 18:03:40 +02:00
Serhiy Storchaka
9c1a9b2657
Issue #2211 : Updated the implementation of the http.cookies.Morsel class.
...
Setting attributes key, value and coded_value directly now is deprecated.
update() and setdefault() now transform and check keys. Comparing for
equality now takes into account attributes key, value and coded_value.
copy() now returns a Morsel, not a dict. repr() now contains all attributes.
Optimized checking keys and quoting values. Added new tests.
Original patch by Demian Brecht.
2015-03-18 10:59:57 +02:00
Benjamin Peterson
5b883296f6
merge 3.4 ( #22986 )
2015-01-16 20:46:37 -05:00
Benjamin Peterson
bd341629b0
capitialize "HttpOnly" and "Secure" as they appear in the standard and other impls ( closes #23250 )
...
Patch by Jon Dufresne.
2015-01-16 20:43:55 -05:00
Antoine Pitrou
b1e36073cd
Issue #22796 : HTTP cookie parsing is now stricter, in order to protect against potential injection attacks.
2014-11-21 01:20:57 +01:00
Serhiy Storchaka
8cf7c1cff0
Issue #22775 : Fixed unpickling of http.cookies.SimpleCookie with protocol 2
...
and above. Patch by Tim Graham.
2014-11-02 22:18:25 +02:00
Antoine Pitrou
7d0b8f95e7
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Antoine Pitrou
dad182c16e
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Serhiy Storchaka
b992a0e102
Issue #19936 : Added executable bits or shebang lines to Python scripts which
...
requires them. Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface. Fixed
shebang line to use python3 executable in the unittestgui script.
2014-01-16 17:15:49 +02:00
R David Murray
cd0f74b1e0
#16611 : BaseCookie now parses 'secure' and 'httponly' flags.
...
Previously it generated them if they were given a value, but completely
ignored them if they were present in the string passed in to be parsed. Now
if the flag appears on a cookie, the corresponding Morsel key will reference a
True value. Other pre-existing behavior is retained in this maintenance
patch: if the source contains something like 'secure=foo', morsel['secure']
will return 'foo'. Since such a value doesn't round trip and never did (and
would be a surprising occurrence) a subsequent non-bug-fix patch may change
this behavior.
Inspired by a patch from Julien Phalip, who reviewed this one.
2013-08-25 11:09:02 -04:00
Senthil Kumaran
185f401308
merge - Fix for issue14426 - buildbots here I come
2012-05-20 16:58:59 +08:00
Senthil Kumaran
aeeba2629a
Fix for issue14426 - buildbots here I come
2012-05-20 16:58:30 +08:00
Senthil Kumaran
0b943a18ef
Issue #14426 : Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert
2012-05-20 12:06:51 +08:00
Senthil Kumaran
00c2ec282e
Issue #14426 : Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert
2012-05-20 12:05:16 +08:00
Senthil Kumaran
3a441c1bed
Fix Issue2193 - Allow ":" character in Cookie NAME values
2012-04-22 09:19:04 +08:00
R. David Murray
e05ca2aff4
#9824 : encode , and ; in cookie values so that browsers don't split on them
...
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
2010-12-28 18:54:13 +00:00
Georg Brandl
cbd2ab1311
#1513299 : cleanup some map() uses where a comprehension works better.
2010-12-04 10:39:14 +00:00
Georg Brandl
b16e38b825
#8826 : the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
2010-08-01 09:06:34 +00:00
Georg Brandl
76e155a157
#3788 : more tests for http.cookies, now at 95% coverage. Also bring coding style in the module up to PEP 8, where it does not break backwards compatibility.
2010-07-31 21:04:00 +00:00
Benjamin Peterson
90f5ba538b
convert shebang lines: python -> python3
2010-03-11 22:53:45 +00:00
Benjamin Peterson
8719ad5dde
Merged revisions 74277,74321,74323,74326,74355,74465,74467,74488,74492,74513,74531,74549,74553,74625,74632,74643-74644,74647,74652,74666,74671,74727,74739 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r74277 | sean.reifschneider | 2009-08-01 18:54:55 -0500 (Sat, 01 Aug 2009) | 3 lines
- Issue #6624 : yArg_ParseTuple with "s" format when parsing argument with
NUL: Bogus TypeError detail string.
........
r74321 | guilherme.polo | 2009-08-05 11:51:41 -0500 (Wed, 05 Aug 2009) | 1 line
Easier reference to find (at least while svn continues being used).
........
r74323 | guilherme.polo | 2009-08-05 18:48:26 -0500 (Wed, 05 Aug 2009) | 1 line
Typo.
........
r74326 | jesse.noller | 2009-08-05 21:05:56 -0500 (Wed, 05 Aug 2009) | 1 line
Fix issue 4660: spurious task_done errors in multiprocessing, remove doc note for from_address
........
r74355 | gregory.p.smith | 2009-08-12 12:02:37 -0500 (Wed, 12 Aug 2009) | 2 lines
comment typo fix
........
r74465 | vinay.sajip | 2009-08-15 18:23:12 -0500 (Sat, 15 Aug 2009) | 1 line
Added section on logging to one file from multiple processes.
........
r74467 | vinay.sajip | 2009-08-15 18:34:47 -0500 (Sat, 15 Aug 2009) | 1 line
Refined section on logging to one file from multiple processes.
........
r74488 | vinay.sajip | 2009-08-17 08:14:37 -0500 (Mon, 17 Aug 2009) | 1 line
Further refined section on logging to one file from multiple processes.
........
r74492 | r.david.murray | 2009-08-17 14:26:49 -0500 (Mon, 17 Aug 2009) | 2 lines
Issue 6685: 'toupper' -> 'upper' in cgi doc example explanation.
........
r74513 | skip.montanaro | 2009-08-18 09:37:52 -0500 (Tue, 18 Aug 2009) | 1 line
missing module ref (issue6723)
........
r74531 | vinay.sajip | 2009-08-20 17:04:32 -0500 (Thu, 20 Aug 2009) | 1 line
Added section on exceptions raised during logging.
........
r74549 | benjamin.peterson | 2009-08-24 12:42:36 -0500 (Mon, 24 Aug 2009) | 1 line
fix pdf building by teaching latex the right encoding package
........
r74553 | r.david.murray | 2009-08-26 20:04:59 -0500 (Wed, 26 Aug 2009) | 2 lines
Remove leftover text from end of sentence.
........
r74625 | benjamin.peterson | 2009-09-01 17:27:57 -0500 (Tue, 01 Sep 2009) | 1 line
remove the check that classmethod's argument is a callable
........
r74632 | georg.brandl | 2009-09-03 02:27:26 -0500 (Thu, 03 Sep 2009) | 1 line
#6828 : fix wrongly highlighted blocks.
........
r74643 | georg.brandl | 2009-09-04 01:59:20 -0500 (Fri, 04 Sep 2009) | 2 lines
Issue #2666 : Handle BROWSER environment variable properly for unknown browser names in the webbrowser module.
........
r74644 | georg.brandl | 2009-09-04 02:55:14 -0500 (Fri, 04 Sep 2009) | 1 line
#5047 : remove Monterey support from configure.
........
r74647 | georg.brandl | 2009-09-04 03:17:04 -0500 (Fri, 04 Sep 2009) | 2 lines
Issue #5275 : In Cookie's Cookie.load(), properly handle non-string arguments as documented.
........
r74652 | georg.brandl | 2009-09-04 06:25:37 -0500 (Fri, 04 Sep 2009) | 1 line
#6756 : add some info about the "acct" parameter.
........
r74666 | georg.brandl | 2009-09-05 04:04:09 -0500 (Sat, 05 Sep 2009) | 1 line
#6841 : remove duplicated word.
........
r74671 | georg.brandl | 2009-09-05 11:47:17 -0500 (Sat, 05 Sep 2009) | 1 line
#6843 : add link from filterwarnings to where the meaning of the arguments is covered.
........
r74727 | benjamin.peterson | 2009-09-08 18:04:22 -0500 (Tue, 08 Sep 2009) | 1 line
#6865 fix ref counting in initialization of pwd module
........
r74739 | georg.brandl | 2009-09-11 02:55:20 -0500 (Fri, 11 Sep 2009) | 1 line
Move function back to its section.
........
2009-09-11 22:24:02 +00:00
Georg Brandl
9cf32a12a1
Turn some comments into docstrings.
2009-09-04 08:28:01 +00:00
Georg Brandl
4eff9f7ff7
Remove pseudo-end markers from http.cookies.
2009-09-04 08:22:00 +00:00
Senthil Kumaran
3e2ea79bda
Fixing the issue4860. Escaping the embedded '"' in the js_output method of Morsel class.
2009-04-02 03:02:03 +00:00
Benjamin Peterson
35e661c711
Merged revisions 66262 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines
#1638033 : add support for httponly on Cookie.Morsel
Reviewer: Benjamin
........
2008-09-06 19:37:35 +00:00
Antoine Pitrou
fd036451bf
#2834 : Change re module semantics, so that str and bytes mixing is forbidden,
...
and str (unicode) patterns get full unicode matching by default. The re.ASCII
flag is also introduced to ask for ASCII matching instead.
2008-08-19 17:56:33 +00:00
Georg Brandl
6101395e74
Remove deprecated SmartCookie and SerialCookie classes.
2008-05-28 15:56:30 +00:00
Georg Brandl
2442015af2
Create http package. #2883 .
2008-05-26 16:32:26 +00:00