Commit Graph

25 Commits

Author SHA1 Message Date
Benjamin Peterson 5b883296f6 merge 3.4 (#22986) 2015-01-16 20:46:37 -05:00
Benjamin Peterson bd341629b0 capitialize "HttpOnly" and "Secure" as they appear in the standard and other impls (closes #23250)
Patch by Jon Dufresne.
2015-01-16 20:43:55 -05:00
Antoine Pitrou b1e36073cd Issue #22796: HTTP cookie parsing is now stricter, in order to protect against potential injection attacks. 2014-11-21 01:20:57 +01:00
Serhiy Storchaka 8cf7c1cff0 Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2
and above.  Patch by Tim Graham.
2014-11-02 22:18:25 +02:00
Antoine Pitrou 7d0b8f95e7 Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Serhiy Storchaka b992a0e102 Issue #19936: Added executable bits or shebang lines to Python scripts which
requires them.  Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface.  Fixed
shebang line to use python3 executable in the unittestgui script.
2014-01-16 17:15:49 +02:00
R David Murray cd0f74b1e0 #16611: BaseCookie now parses 'secure' and 'httponly' flags.
Previously it generated them if they were given a value, but completely
ignored them if they were present in the string passed in to be parsed.  Now
if the flag appears on a cookie, the corresponding Morsel key will reference a
True value.  Other pre-existing behavior is retained in this maintenance
patch: if the source contains something like 'secure=foo', morsel['secure']
will return 'foo'.  Since such a value doesn't round trip and never did (and
would be a surprising occurrence) a subsequent non-bug-fix patch may change
this behavior.

Inspired by a patch from Julien Phalip, who reviewed this one.
2013-08-25 11:09:02 -04:00
Senthil Kumaran 185f401308 merge - Fix for issue14426 - buildbots here I come 2012-05-20 16:58:59 +08:00
Senthil Kumaran aeeba2629a Fix for issue14426 - buildbots here I come 2012-05-20 16:58:30 +08:00
Senthil Kumaran 0b943a18ef Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert 2012-05-20 12:06:51 +08:00
Senthil Kumaran 00c2ec282e Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert 2012-05-20 12:05:16 +08:00
Senthil Kumaran 3a441c1bed Fix Issue2193 - Allow ":" character in Cookie NAME values 2012-04-22 09:19:04 +08:00
R. David Murray e05ca2aff4 #9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
2010-12-28 18:54:13 +00:00
Georg Brandl cbd2ab1311 #1513299: cleanup some map() uses where a comprehension works better. 2010-12-04 10:39:14 +00:00
Georg Brandl b16e38b825 #8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case. 2010-08-01 09:06:34 +00:00
Georg Brandl 76e155a157 #3788: more tests for http.cookies, now at 95% coverage. Also bring coding style in the module up to PEP 8, where it does not break backwards compatibility. 2010-07-31 21:04:00 +00:00
Benjamin Peterson 90f5ba538b convert shebang lines: python -> python3 2010-03-11 22:53:45 +00:00
Benjamin Peterson 8719ad5dde Merged revisions 74277,74321,74323,74326,74355,74465,74467,74488,74492,74513,74531,74549,74553,74625,74632,74643-74644,74647,74652,74666,74671,74727,74739 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r74277 | sean.reifschneider | 2009-08-01 18:54:55 -0500 (Sat, 01 Aug 2009) | 3 lines

  - Issue #6624: yArg_ParseTuple with "s" format when parsing argument with
    NUL: Bogus TypeError detail string.
........
  r74321 | guilherme.polo | 2009-08-05 11:51:41 -0500 (Wed, 05 Aug 2009) | 1 line

  Easier reference to find (at least while svn continues being used).
........
  r74323 | guilherme.polo | 2009-08-05 18:48:26 -0500 (Wed, 05 Aug 2009) | 1 line

  Typo.
........
  r74326 | jesse.noller | 2009-08-05 21:05:56 -0500 (Wed, 05 Aug 2009) | 1 line

  Fix issue 4660: spurious task_done errors in multiprocessing, remove doc note for from_address
........
  r74355 | gregory.p.smith | 2009-08-12 12:02:37 -0500 (Wed, 12 Aug 2009) | 2 lines

  comment typo fix
........
  r74465 | vinay.sajip | 2009-08-15 18:23:12 -0500 (Sat, 15 Aug 2009) | 1 line

  Added section on logging to one file from multiple processes.
........
  r74467 | vinay.sajip | 2009-08-15 18:34:47 -0500 (Sat, 15 Aug 2009) | 1 line

  Refined section on logging to one file from multiple processes.
........
  r74488 | vinay.sajip | 2009-08-17 08:14:37 -0500 (Mon, 17 Aug 2009) | 1 line

  Further refined section on logging to one file from multiple processes.
........
  r74492 | r.david.murray | 2009-08-17 14:26:49 -0500 (Mon, 17 Aug 2009) | 2 lines

  Issue 6685: 'toupper' -> 'upper' in cgi doc example explanation.
........
  r74513 | skip.montanaro | 2009-08-18 09:37:52 -0500 (Tue, 18 Aug 2009) | 1 line

  missing module ref (issue6723)
........
  r74531 | vinay.sajip | 2009-08-20 17:04:32 -0500 (Thu, 20 Aug 2009) | 1 line

  Added section on exceptions raised during logging.
........
  r74549 | benjamin.peterson | 2009-08-24 12:42:36 -0500 (Mon, 24 Aug 2009) | 1 line

  fix pdf building by teaching latex the right encoding package
........
  r74553 | r.david.murray | 2009-08-26 20:04:59 -0500 (Wed, 26 Aug 2009) | 2 lines

  Remove leftover text from end of sentence.
........
  r74625 | benjamin.peterson | 2009-09-01 17:27:57 -0500 (Tue, 01 Sep 2009) | 1 line

  remove the check that classmethod's argument is a callable
........
  r74632 | georg.brandl | 2009-09-03 02:27:26 -0500 (Thu, 03 Sep 2009) | 1 line

  #6828: fix wrongly highlighted blocks.
........
  r74643 | georg.brandl | 2009-09-04 01:59:20 -0500 (Fri, 04 Sep 2009) | 2 lines

  Issue #2666: Handle BROWSER environment variable properly for unknown browser names in the webbrowser module.
........
  r74644 | georg.brandl | 2009-09-04 02:55:14 -0500 (Fri, 04 Sep 2009) | 1 line

  #5047: remove Monterey support from configure.
........
  r74647 | georg.brandl | 2009-09-04 03:17:04 -0500 (Fri, 04 Sep 2009) | 2 lines

  Issue #5275: In Cookie's Cookie.load(), properly handle non-string arguments as documented.
........
  r74652 | georg.brandl | 2009-09-04 06:25:37 -0500 (Fri, 04 Sep 2009) | 1 line

  #6756: add some info about the "acct" parameter.
........
  r74666 | georg.brandl | 2009-09-05 04:04:09 -0500 (Sat, 05 Sep 2009) | 1 line

  #6841: remove duplicated word.
........
  r74671 | georg.brandl | 2009-09-05 11:47:17 -0500 (Sat, 05 Sep 2009) | 1 line

  #6843: add link from filterwarnings to where the meaning of the arguments is covered.
........
  r74727 | benjamin.peterson | 2009-09-08 18:04:22 -0500 (Tue, 08 Sep 2009) | 1 line

  #6865 fix ref counting in initialization of pwd module
........
  r74739 | georg.brandl | 2009-09-11 02:55:20 -0500 (Fri, 11 Sep 2009) | 1 line

  Move function back to its section.
........
2009-09-11 22:24:02 +00:00
Georg Brandl 9cf32a12a1 Turn some comments into docstrings. 2009-09-04 08:28:01 +00:00
Georg Brandl 4eff9f7ff7 Remove pseudo-end markers from http.cookies. 2009-09-04 08:22:00 +00:00
Senthil Kumaran 3e2ea79bda Fixing the issue4860. Escaping the embedded '"' in the js_output method of Morsel class. 2009-04-02 03:02:03 +00:00
Benjamin Peterson 35e661c711 Merged revisions 66262 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines

  #1638033: add support for httponly on Cookie.Morsel

  Reviewer: Benjamin
........
2008-09-06 19:37:35 +00:00
Antoine Pitrou fd036451bf #2834: Change re module semantics, so that str and bytes mixing is forbidden,
and str (unicode) patterns get full unicode matching by default. The re.ASCII
flag is also introduced to ask for ASCII matching instead.
2008-08-19 17:56:33 +00:00
Georg Brandl 6101395e74 Remove deprecated SmartCookie and SerialCookie classes. 2008-05-28 15:56:30 +00:00
Georg Brandl 2442015af2 Create http package. #2883. 2008-05-26 16:32:26 +00:00