Commit Graph

35 Commits

Author SHA1 Message Date
Serhiy Storchaka 186c5f07e6 Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2.
Patch by Tim Graham.
2014-11-02 22:35:47 +02:00
Guido van Rossum c9cdd0ccad Lax cookie parsing in http.cookies could be a security issue when
combined with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-16 15:45:36 -07:00
Ezio Melotti f97376f952 #21945: fix typo in Cookie module docstring. 2014-07-09 15:45:25 +03:00
Berker Peksag cf0a706c15 Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
Backport of issue #16611.
2014-07-02 10:48:27 +03:00
Serhiy Storchaka e0ed2d75c8 Issue #19936: Added executable bits or shebang lines to Python scripts which
requires them.  Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface.
2014-01-16 18:59:17 +02:00
Ezio Melotti f5469cff1f #18705: fix a number of typos. Patch by Févry Thibault. 2013-08-17 15:43:51 +03:00
Senthil Kumaran 9cffd882ab Fix for issue14426 - buildbots here I come 2012-05-20 16:56:24 +08:00
Senthil Kumaran f439a36630 Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert 2012-05-20 12:02:44 +08:00
R. David Murray 08fc701714 Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines

  #9824: encode , and ; in cookie values so that browsers don't split on them

  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such ap is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........
2010-12-28 19:11:03 +00:00
Georg Brandl 78e6957cdf Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line

  #1690103: fix initial namespace for code run with trace.main().
........
  r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line

  #4810: document "--" option separator in timeit help.
........
  r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line

  #8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes.  Handle that as a special case.
........
  r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line

  #4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
  r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line

  #5551: symbolic links never can be mount points.  Fixes the fix for #1713.
........
2010-08-01 18:52:52 +00:00
Georg Brandl d22b9519d1 Issue #5275: In Cookie's Cookie.load(), properly handle non-string arguments as documented. 2009-09-04 08:17:04 +00:00
Senthil Kumaran c730a6a123 Fixing the issue4860. Escaping embedded '"' character in js_output() method of Morsel. 2009-04-02 03:00:34 +00:00
Benjamin Peterson 6ac7d7c80b #1638033: add support for httponly on Cookie.Morsel
Reviewer: Benjamin
2008-09-06 19:28:11 +00:00
Tim Peters c02c1c8a12 Whitespace normalization. 2006-08-15 00:25:04 +00:00
Georg Brandl d76bd69712 Cookie.py shouldn't "bogusly" use string._idmap. 2006-08-14 22:01:24 +00:00
Georg Brandl 8246c439a8 Correct test suite for #848017. 2005-08-25 07:32:42 +00:00
Georg Brandl 532efabf1d patch #848017: make Cookie more RFC-compliant. 2005-08-24 22:34:21 +00:00
Georg Brandl 03a33ea3a8 bug [ 1108948 ] Cookie.py produces invalid code 2005-06-26 21:02:49 +00:00
Walter Dörwald f0dfc7ac5c Fix a bunch of typos in documentation, docstrings and comments.
(From SF patch #810751)
2003-10-20 14:01:56 +00:00
Andrew M. Kuchling 7877a76107 Patch #655760: add warnings when the unsafe *Cookie classes are instantiated 2002-12-29 16:44:31 +00:00
Andrew M. Kuchling 6cd77126b4 No point in warning about needing re module; remove helpful message 2002-12-17 18:59:51 +00:00
Andrew M. Kuchling 3c76ad0f8d Fix comment typo 2002-12-17 18:56:26 +00:00
Raymond Hettinger 0a2963c797 Apply SF 562987 modernizing Cookie to subclass from dict instead of UserDict 2002-06-26 15:19:01 +00:00
Fred Drake d451ec1cdb Clean up uses of some deprecated features.
Reported by Neal Norwitz on python-dev.
2002-04-26 02:29:55 +00:00
Martin v. Löwis 02d893cfae Patch #444359: Remove unused imports. 2001-08-02 07:15:29 +00:00
Fred Drake 79e75e1916 Use string.ascii_letters instead of string.letters (SF bug #226706). 2001-07-20 19:05:50 +00:00
Tim Peters 2f228e75e4 Get rid of the superstitious "~" in dict hashing's "i = (~hash) & mask".
The comment following used to say:
	/* We use ~hash instead of hash, as degenerate hash functions, such
	   as for ints <sigh>, can have lots of leading zeros. It's not
	   really a performance risk, but better safe than sorry.
	   12-Dec-00 tim:  so ~hash produces lots of leading ones instead --
	   what's the gain? */
That is, there was never a good reason for doing it.  And to the contrary,
as explained on Python-Dev last December, it tended to make the *sum*
(i + incr) & mask (which is the first table index examined in case of
collison) the same "too often" across distinct hashes.

Changing to the simpler "i = hash & mask" reduced the number of string-dict
collisions (== # number of times we go around the lookup for-loop) from about
6 million to 5 million during a full run of the test suite (these are
approximate because the test suite does some random stuff from run to run).
The number of collisions in non-string dicts also decreased, but not as
dramatically.

Note that this may, for a given dict, change the order (wrt previous
releases) of entries exposed by .keys(), .values() and .items().  A number
of std tests suffered bogus failures as a result.  For dicts keyed by
small ints, or (less so) by characters, the order is much more likely to be
in increasing order of key now; e.g.,

>>> d = {}
>>> for i in range(10):
...    d[i] = i
...
>>> d
{0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9}
>>>

Unfortunately. people may latch on to that in small examples and draw a
bogus conclusion.

test_support.py
    Moved test_extcall's sortdict() into test_support, made it stronger,
    and imported sortdict into other std tests that needed it.
test_unicode.py
    Excluced cp875 from the "roundtrip over range(128)" test, because
    cp875 doesn't have a well-defined inverse for unicode("?", "cp875").
    See Python-Dev for excruciating details.
Cookie.py
    Chaged various output functions to sort dicts before building
    strings from them.
test_extcall
    Fiddled the expected-result file.  This remains sensitive to native
    dict ordering, because, e.g., if there are multiple errors in a
    keyword-arg dict (and test_extcall sets up many cases like that), the
    specific error Python complains about first depends on native dict
    ordering.
2001-05-13 00:19:31 +00:00
Guido van Rossum 58b6f5b53e Since this module already uses doctest-style examples, I figured I'd
add a self-test using doctest.  Results:

- The docstring needs to be a raw string because it uses \"...\".

- The oreo example was broken: the Set-Cookie output doesn't add
  quotes around "doublestuff".

- I had to change the example that prints the class of a Cookie.Cookie
  instance to avoid incorporating an arbitrary object address in the
  test output.

Pretty good score for both doctest and the doc string, I'd say!
2001-04-06 19:39:11 +00:00
Andrew M. Kuchling c05abb3bda Patch #103473 from dougfort: Some sites (amazon.com for one) drop
cookies that contain '=' as part of the value. This patch modifies
Cookie.py to allow '=' as a legal character, and to make the key
search nongreedy so it stops at the first '='.
2001-02-20 22:11:24 +00:00
Skip Montanaro e99d5ea25b added __all__ lists to a number of Python modules
added test script and expected output file as well
this closes patch 103297.
__all__ attributes will be added to other modules without first submitting
a patch, just adding the necessary line to the test script to verify
more-or-less correct implementation.
2001-01-20 19:54:20 +00:00
Tim Peters 88869f9787 Whitespace normalization. 2001-01-14 23:36:06 +00:00
Fred Drake 8152d32375 Update the code to better reflect recommended style:
Use != instead of <> since <> is documented as "obsolescent".
Use "is" and "is not" when comparing with None or type objects.
2000-12-12 23:20:45 +00:00
Fred Drake ff5364ac9d Whitespace cleanup; now passes the regression test (the last checkin made
it fail on a TabError (inconsistent tab/space usage)).

Removed a comment about including a test since there is a regression test
for this module.
2000-08-24 14:40:35 +00:00
Andrew M. Kuchling 0b29b11187 Updated version of Cookie.py (rev. 2.29) from timo 2000-08-24 11:52:33 +00:00
Andrew M. Kuchling 52ea872777 Added Tim O'Malley's Cookie.py module (master version at
http://www.timo-tasi.org/python/Cookie.py)
This is revision 2.26 according to Tim's RCS history.
2000-08-19 13:01:19 +00:00