Commit 11a5404a authored by Andreas Jung's avatar Andreas Jung

- Launchpad #374729: Encoding cookie values to avoid issues with

  firewalls and security proxies.
parent 0da54750
...@@ -23,8 +23,11 @@ Restructuring ...@@ -23,8 +23,11 @@ Restructuring
Features Added Features Added
++++++++++++++ ++++++++++++++
- Launchpad #374729: Encoding cookie values to avoid issues with
firewalls and security proxies.
- Launchpad #374719: introducing new ZPublisher events: - Launchpad #374719: introducing new ZPublisher events:
PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit.
- Launchpad #373583: ZODBMountPoint - fixed broken mount support and - Launchpad #373583: ZODBMountPoint - fixed broken mount support and
extended the test suite. extended the test suite.
......
...@@ -1684,7 +1684,7 @@ def parse_cookie(text, ...@@ -1684,7 +1684,7 @@ def parse_cookie(text,
release() release()
if not already_have(name): if not already_have(name):
result[name] = value result[name] = unquote(value)
return apply(parse_cookie,(text[l:],result)) return apply(parse_cookie,(text[l:],result))
......
...@@ -23,6 +23,7 @@ from zExceptions import Unauthorized, Redirect ...@@ -23,6 +23,7 @@ from zExceptions import Unauthorized, Redirect
from zExceptions.ExceptionFormatter import format_exception from zExceptions.ExceptionFormatter import format_exception
from ZPublisher import BadRequest, InternalError, NotFound from ZPublisher import BadRequest, InternalError, NotFound
from cgi import escape from cgi import escape
from urllib import quote
nl2sp = maketrans('\n',' ') nl2sp = maketrans('\n',' ')
...@@ -842,7 +843,7 @@ class HTTPResponse(BaseResponse): ...@@ -842,7 +843,7 @@ class HTTPResponse(BaseResponse):
# quoted cookie attr values, so only the value part # quoted cookie attr values, so only the value part
# of name=value pairs may be quoted. # of name=value pairs may be quoted.
cookie = 'Set-Cookie: %s="%s"' % (name, attrs['value']) cookie = 'Set-Cookie: %s="%s"' % (name, quote(attrs['value']))
for name, v in attrs.items(): for name, v in attrs.items():
name = name.lower() name = name.lower()
if name == 'expires': if name == 'expires':
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment