Commit Graph

26 Commits

Author SHA1 Message Date
Benjamin Peterson ec7abfb58f allow square brackets in cookie values (#22931) 2015-05-23 10:46:25 -05:00
Serhiy Storchaka 186c5f07e6 Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2.
Patch by Tim Graham.
2014-11-02 22:35:47 +02:00
Guido van Rossum c9cdd0ccad Lax cookie parsing in http.cookies could be a security issue when
combined with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-16 15:45:36 -07:00
Berker Peksag cf0a706c15 Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
Backport of issue #16611.
2014-07-02 10:48:27 +03:00
Benjamin Peterson bf67ba8f84 only run doctests when __doc__ is around 2012-10-16 09:51:46 -04:00
Senthil Kumaran f439a36630 Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert 2012-05-20 12:02:44 +08:00
R. David Murray 08fc701714 Merged revisions 87550 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines

  #9824: encode , and ; in cookie values so that browsers don't split on them

  There is a small chance of backward incompatibility here, but only for
  non-SimpleCookie applications reading SimpleCookie generated cookies.  Even
  then, any such ap is likely to be handling escaped values already, and it would
  take a fairly perverse implementation of unescaping to fail to unescape these
  newly escaped chars, so the risk seems minimal.
........
2010-12-28 19:11:03 +00:00
Georg Brandl 78e6957cdf Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line

  #1690103: fix initial namespace for code run with trace.main().
........
  r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line

  #4810: document "--" option separator in timeit help.
........
  r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line

  #8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes.  Handle that as a special case.
........
  r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line

  #4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
  r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line

  #5551: symbolic links never can be mount points.  Fixes the fix for #1713.
........
2010-08-01 18:52:52 +00:00
Florent Xicluna 6257a7bbb2 Replace catch_warnings with check_warnings when it makes sense. Use assertRaises context manager to simplify some tests. 2010-03-31 22:01:03 +00:00
Senthil Kumaran c730a6a123 Fixing the issue4860. Escaping embedded '"' character in js_output() method of Morsel. 2009-04-02 03:00:34 +00:00
Georg Brandl a962eb32d9 Convert test_cookie to unittest. 2006-10-29 19:51:16 +00:00
Georg Brandl 8246c439a8 Correct test suite for #848017. 2005-08-25 07:32:42 +00:00
Raymond Hettinger d73ef06cd3 Exercise sorted() where possible 2004-01-04 11:14:51 +00:00
Andrew M. Kuchling 4464432d8c Suppress unsafe *Cookie class warnings 2002-12-29 16:45:06 +00:00
Barry Warsaw 04f357cffe Get rid of relative imports in all unittests. Now anything that
imports e.g. test_support must do so using an absolute package name
such as "import test.test_support" or "from test import test_support".

This also updates the README in Lib/test, and gets rid of the
duplicate data dirctory in Lib/test/data (replaced by
Lib/email/test/data).

Now Tim and Jack can have at it. :)
2002-07-23 19:04:11 +00:00
Tim Peters a0a6222509 Teach regrtest how to pass on doctest failure msgs. This is done via a
horridly inefficient hack in regrtest's Compare class, but it's about as
clean as can be:  regrtest has to set up the Compare instance before
importing a test module, and by the time the module *is* imported it's too
late to change that decision.  The good news is that the more tests we
convert to unittest and doctest, the less the inefficiency here matters.
Even now there are few tests with large expected-output files (the new
cost here is a Python-level call per .write() when there's an expected-
output file).
2001-09-09 06:12:01 +00:00
Tim Peters 2f228e75e4 Get rid of the superstitious "~" in dict hashing's "i = (~hash) & mask".
The comment following used to say:
	/* We use ~hash instead of hash, as degenerate hash functions, such
	   as for ints <sigh>, can have lots of leading zeros. It's not
	   really a performance risk, but better safe than sorry.
	   12-Dec-00 tim:  so ~hash produces lots of leading ones instead --
	   what's the gain? */
That is, there was never a good reason for doing it.  And to the contrary,
as explained on Python-Dev last December, it tended to make the *sum*
(i + incr) & mask (which is the first table index examined in case of
collison) the same "too often" across distinct hashes.

Changing to the simpler "i = hash & mask" reduced the number of string-dict
collisions (== # number of times we go around the lookup for-loop) from about
6 million to 5 million during a full run of the test suite (these are
approximate because the test suite does some random stuff from run to run).
The number of collisions in non-string dicts also decreased, but not as
dramatically.

Note that this may, for a given dict, change the order (wrt previous
releases) of entries exposed by .keys(), .values() and .items().  A number
of std tests suffered bogus failures as a result.  For dicts keyed by
small ints, or (less so) by characters, the order is much more likely to be
in increasing order of key now; e.g.,

>>> d = {}
>>> for i in range(10):
...    d[i] = i
...
>>> d
{0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9}
>>>

Unfortunately. people may latch on to that in small examples and draw a
bogus conclusion.

test_support.py
    Moved test_extcall's sortdict() into test_support, made it stronger,
    and imported sortdict into other std tests that needed it.
test_unicode.py
    Excluced cp875 from the "roundtrip over range(128)" test, because
    cp875 doesn't have a well-defined inverse for unicode("?", "cp875").
    See Python-Dev for excruciating details.
Cookie.py
    Chaged various output functions to sort dicts before building
    strings from them.
test_extcall
    Fiddled the expected-result file.  This remains sensitive to native
    dict ordering, because, e.g., if there are multiple errors in a
    keyword-arg dict (and test_extcall sets up many cases like that), the
    specific error Python complains about first depends on native dict
    ordering.
2001-05-13 00:19:31 +00:00
Tim Peters eb26f95906 Since Guido fiddled Cookie.py to work with doctest, it's a Good Thing to
have the std test suite exercise the Cookie doctests too.
2001-04-06 21:20:58 +00:00
Andrew M. Kuchling 8b94b1c74a Added test for patch #103473: test an unquoted cookie value containing '=' 2001-02-21 01:17:54 +00:00
Fredrik Lundh f785042433 a bold attempt to fix things broken by MAL's verify patch: import
'verify' iff it's used by a test module...
2001-01-17 21:51:36 +00:00
Guido van Rossum f27cc5bc74 Marc-Andre must not have run these tests -- they used verify() but
didn't import it.  Also got rid of some inconsistent spaces inside
parentheses in test_gzip.py.
2001-01-17 21:43:06 +00:00
Marc-André Lemburg 3661908a6a This patch removes all uses of "assert" in the regression test suite
and replaces them with a new API verify(). As a result the regression
suite will also perform its tests in optimization mode.

Written by Marc-Andre Lemburg. Copyright assigned to Guido van Rossum.
2001-01-17 19:11:13 +00:00
Fred Drake 004d5e6880 Make reindent.py happy (convert everything to 4-space indents!). 2000-10-23 17:22:08 +00:00
Andrew M. Kuchling 103d5268c2 Updated test suite: test repr() and str() of cookies, and test metadata
fields with quoted values (as in Path="/acme")
2000-08-24 11:56:19 +00:00
Moshe Zadka 514a1028a2 Adding tests of the "attrs" optional argument, and of the js_output
functionality.
2000-08-19 15:57:33 +00:00
Andrew M. Kuchling cdec8c746b Test case for Cookie.py 2000-08-19 15:21:12 +00:00