[issue9824] SimpleCookie should escape commas and semi-colons
Georg Brandl ge...@python.org added the comment:

Looks good.

--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9824
___
___
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9824] SimpleCookie should escape commas and semi-colons
R. David Murray rdmur...@bitdance.com added the comment:

Committed to py3k in r87550. Since the only application that would trip up would be one not using SimpleCookie to read SimpleCookie generated cookies *and* that doesn't implement unescaping (in which case it wasn't really handling SimpleCookie cookies, was it?), I went ahead and backported it to 3.1 in r87551 and 2.7 in r87552.

--
resolution:  -> fixed
stage: patch review -> committed/rejected
status: open -> closed

[issue9824] SimpleCookie should escape commas and semi-colons
R. David Murray rdmur...@bitdance.com added the comment:

Here's a patch against py3k with test. If I'm understanding the issue correctly, this looks like a pretty safe change.

--
nosy: +r.david.murray
stage:  -> patch review
Added file: http://bugs.python.org/file20087/cookies_extra_coding.patch

[issue9824] SimpleCookie should escape commas and semi-colons
Georg Brandl ge...@python.org added the comment:

I will have a look at this, it looks like it could at least use a few tests.

--
assignee:  -> georg.brandl
nosy: +georg.brandl
priority: normal -> critical

[issue9824] SimpleCookie should escape commas and semi-colons
Éric Araujo mer...@netwok.org added the comment:

Thanks for forwarding this upstream.

A tip about Python versions: Bugs are fixed on the active branch, py3k (which will become 3.2), then backported to 3.1 and 2.7. Security fixes go into 2.5 and 2.6 too. 3.3 means that something won’t make it to 3.2 and is delayed.

--
nosy: +eric.araujo
versions: -Python 2.5, Python 2.6, Python 3.3

[issue9824] SimpleCookie should escape commas and semi-colons
New submission from Luke Plant l.plant...@cantab.net:

In developing Django, we found that some browsers don't treat commas and semi-colons in cookie values (i.e. the Set-Cookie header) the way that RFC 2109 says they should. (Safari splits the header on a comma followed by space, Internet Explorer splits on semi-colons - both irrespective of any 'quoting').

The result is that if you use SimpleCookie to create Set-Cookie headers, where the cookie value contains a comma or semi-colon, you can get all kinds of breakage.

In the end, we realised that the RFCs are kind of irrelevant, and we have to look at what browsers actually do. So, it would be much more useful if semi-colons and commas were escaped the way that other characters are by SimpleCookie.

Our discussion/findings are here:
http://code.djangoproject.com/ticket/12470#comment:4
http://groups.google.com/group/django-developers/msg/2cb729938e8e67ca

The patch to Cookie.py (Python 2.X) or http/cookies.py (Python 3.X) is simple and follows. I'm assuming that this applies to Python 3.2 and 3.3, but I haven't checked.

--
components: Library (Lib)
files: simplecookie_fix.diff
keywords: patch
messages: 116030
nosy: spookylukey
priority: normal
severity: normal
status: open
title: SimpleCookie should escape commas and semi-colons
type: behavior
versions: Python 2.5, Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3
Added file: http://bugs.python.org/file18833/simplecookie_fix.diff

[issue9824] SimpleCookie should escape commas and semi-colons
Luke Plant l.plant...@cantab.net added the comment:

I forgot to mention backwards compatibility:

In the context of Cookie being used in a web application, if developers were relying on literal commas and semi-colons being present in the client side cookie value (e.g. in javascript), the patch will introduce an incompatibility.

A quick review of cookies on my computer shows that 22 out of 3079 have commas in them, and none have semi-colons in them. For those with commas, there would still only be a problem if they were reading them client side, or not using Python's Cookie library to decode the values server side.

--
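
Added example, not part of the thread and not the patch attached to the issue: it compares a quoted cookie value that keeps `,` and `;` literal with the escaped form a current `http.cookies.SimpleCookie` emits, using two simplified models of the client splitting described in the original submission. The splitter functions, the cookie name `prefs` and the sample value are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

SAMPLE = "en, fr; q=0.5"  # constructed cookie value with both problem characters

def quoted_literal(name, value):
    """Quoted-string form with ',' and ';' left literal inside the quotes."""
    body = value.replace("\\", "\\\\").replace('"', '\\"')
    return '%s="%s"' % (name, body)

def escaped(name, value):
    """Name=value pair as SimpleCookie emits it with the escaping from this issue."""
    jar = SimpleCookie()
    jar[name] = value
    return jar[name].OutputString()

def cut_at_semicolon(pair):
    """Simplified client model (assumption): split on ';' regardless of quoting."""
    return pair.split(";")[0]

def cut_at_comma_space(pair):
    """Simplified client model (assumption): split on ', ' regardless of quoting."""
    return pair.split(", ")[0]

def survives_clients(pair):
    """True if neither client model truncates the pair."""
    return cut_at_semicolon(pair) == pair and cut_at_comma_space(pair) == pair

def server_decode(pair):
    """Parse a returned cookie pair the way a SimpleCookie-based server would."""
    jar = SimpleCookie()
    jar.load(pair)
    return {key: morsel.value for key, morsel in jar.items()}

if __name__ == "__main__":
    for label, pair in (("literal", quoted_literal("prefs", SAMPLE)),
                        ("escaped", escaped("prefs", SAMPLE))):
        state = "intact" if survives_clients(pair) else "truncated"
        print(label, pair, state)
    print(server_decode(escaped("prefs", SAMPLE)))
```

The escaped pair carries `\054` and `\073` in place of the comma and semi-colon, which is what client-side code reading the cookie would see; a server decoding with SimpleCookie gets the original value back.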