- Launchpad #374729: Encoding cookie values to avoid issues with

  firewalls and security proxies.

doc/CHANGES.rst

@@ -23,8 +23,11 @@ Restructuring
 Features Added
 ++++++++++++++
 
+- Launchpad #374729: Encoding cookie values to avoid issues with
+  firewalls and security proxies.
+
 - Launchpad #374719: introducing new ZPublisher events:
-  PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit
+  PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit.
 
 - Launchpad #373583: ZODBMountPoint - fixed broken mount support and 
   extended the test suite.

src/ZPublisher/HTTPRequest.py

@@ -1684,7 +1684,7 @@ def parse_cookie(text,
         release()
 
     if not already_have(name):
-        result[name] = value
+        result[name] = unquote(value)
 
     return apply(parse_cookie,(text[l:],result))
 

src/ZPublisher/HTTPResponse.py

@@ -23,6 +23,7 @@ from zExceptions import Unauthorized, Redirect
 from zExceptions.ExceptionFormatter import format_exception
 from ZPublisher import BadRequest, InternalError, NotFound
 from cgi import escape
+from urllib import quote
 
 nl2sp = maketrans('\n',' ')
 
@@ -842,7 +843,7 @@ class HTTPResponse(BaseResponse):
             # quoted cookie attr values, so only the value part
             # of name=value pairs may be quoted.
 
-            cookie = 'Set-Cookie: %s="%s"' % (name, attrs['value'])
+            cookie = 'Set-Cookie: %s="%s"' % (name, quote(attrs['value']))
             for name, v in attrs.items():
                 name = name.lower()
                 if name == 'expires':