[issue991266] Cookie.py does not correctly quote Morsels

2018-05-16 Thread Berker Peksag

Berker Peksag  added the comment:

I've opened bpo-33535 to discuss Mark Williams' suggestion.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
versions:  -Python 2.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue991266] Cookie.py does not correctly quote Morsels

2018-04-22 Thread Berker Peksag

Berker Peksag  added the comment:


New changeset 9fc998d761591f2741d8e94f5b3009c56ae83882 by Berker Peksag (Miss 
Islington (bot)) in branch '3.7':
bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
https://github.com/python/cpython/commit/9fc998d761591f2741d8e94f5b3009c56ae83882


--




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-22 Thread Berker Peksag

Berker Peksag  added the comment:


New changeset 8a6f4b4bba950fb8eead1b176c58202d773f2f70 by Berker Peksag (Miss 
Islington (bot)) in branch '3.6':
bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
https://github.com/python/cpython/commit/8a6f4b4bba950fb8eead1b176c58202d773f2f70


--




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-22 Thread miss-islington

Change by miss-islington :


--
pull_requests: +6268




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-22 Thread miss-islington

Change by miss-islington :


--
pull_requests: +6267




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-22 Thread Berker Peksag

Berker Peksag  added the comment:


New changeset d5a2377c3d70e4143bcbee4a765b3434e21f683a by Berker Peksag in 
branch 'master':
bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
https://github.com/python/cpython/commit/d5a2377c3d70e4143bcbee4a765b3434e21f683a


--




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-20 Thread Berker Peksag

Change by Berker Peksag :


--
pull_requests: +6251




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-19 Thread Alex Gaynor

Alex Gaynor  added the comment:

None of the above :-) I'd expect the last one, but with quoting.

You should not be able to set fields in a cookie by injection.

--




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-19 Thread Berker Peksag

Berker Peksag  added the comment:

>>> from http.cookies import SimpleCookie
>>> c = SimpleCookie()
>>> c['name'] = 'value'
>>> c['name']['comment'] = '\n'
>>> c['name']['expires'] = '123; path=.example.invalid'
>>> c.output()
'Set-Cookie: name=value; Comment="\\012"; expires=123; path=.example.invalid'

What do you think that the snippet above should return?

'Set-Cookie: name=value; Comment="\\012"; expires=Fri, 20 Apr 2018 02:03:13 GMT; path=.example.invalid'

or

'Set-Cookie: name=value; Comment="\\012"; expires=Fri, 20 Apr 2018 02:03:13 GMT; path=".example.invalid"'

or

'Set-Cookie: name=value; Comment="\\012"; expires=123; path=".example.invalid"'

?

I don't think the path attribute (or all of them) needs to be quoted 
unconditionally. Looking at https://tools.ietf.org/html/rfc6265#section-4.1.1, 
it looks like quoting for cookie-value is optional.

Is there a use case or examples from other programming languages you can share 
with us?

--
versions: +Python 3.7, Python 3.8 -Python 3.4, Python 3.5




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-19 Thread Mark Williams

Mark Williams  added the comment:

This patch only quotes the Comment attribute, and the rest of the code only 
quotes attributes if they're of the expected type.  Consider Expires:

>>> from http.cookies import SimpleCookie
>>> c = SimpleCookie()
>>> c['name'] = 'value'
>>> c['name']['comment'] = '\n'
>>> c['name']['expires'] = 123
>>> c.output()
'Set-Cookie: name=value; Comment="\\012"; expires=Fri, 20 Apr 2018 02:03:13 GMT'
>>> c['name']['expires'] = '123; path=.example.invalid'
>>> c.output()
'Set-Cookie: name=value; Comment="\\012"; expires=123; path=.example.invalid'

Here's the offending line:

https://github.com/python/cpython/blob/b87c1c92fc93c5733cd3d8606ab2301ca6ba208f/Lib/http/cookies.py#L415

Why not quote all attribute values?

--
nosy: +Mark.Williams
versions: +Python 3.4
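
The field injection in the session above, with one way to refuse it at assignment time and to detect it in a rendered header. This is an added example, not part of the original thread and not CPython's fix. The helper names (`is_safe_attribute_value`, `set_attribute`, `unexpected_attributes`, `build_cookie`) are hypothetical, and `INJECTED` is the output quoted in the message above.

```python
from http.cookies import SimpleCookie


def is_safe_attribute_value(value):
    """True if a string cannot end the attribute it is placed in.

    RFC 6265 av-octets exclude control characters and ';'.
    """
    return all(0x20 <= ord(ch) < 0x7F and ch != ";" for ch in value)


def set_attribute(morsel, key, value):
    """Hypothetical helper: set a Morsel attribute, refusing injectable strings."""
    if isinstance(value, str) and not is_safe_attribute_value(value):
        raise ValueError(f"unsafe value for cookie attribute {key!r}")
    morsel[key] = value


def unexpected_attributes(header, intended):
    """Attribute names in a rendered Set-Cookie header that were never set."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = header.split(";")[1:]  # element 0 is the name=value pair
    rendered = {p.strip().split("=", 1)[0].lower() for p in parts if p.strip()}
    return rendered - {name.lower() for name in intended}


# Header text quoted from the thread; only comment and expires were assigned.
INJECTED = 'Set-Cookie: name=value; Comment="\\012"; expires=123; path=.example.invalid'


def build_cookie(path):
    """Render a cookie whose Path is caller-supplied, via the checked setter."""
    c = SimpleCookie()
    c["name"] = "value"
    set_attribute(c["name"], "path", path)
    return c["name"].OutputString()


if __name__ == "__main__":
    print(unexpected_attributes(INJECTED, {"comment", "expires"}))
    print(build_cookie("/app"))
    try:
        build_cookie("/app; domain=.example.invalid")
    except ValueError as exc:
        print("rejected:", exc)
```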




[issue991266] Cookie.py does not correctly quote Morsels

2018-04-19 Thread Alex Gaynor

Alex Gaynor  added the comment:

Berker, your patch looks good to me.

Convert it to a PR and then merge?

--
nosy: +alex




[issue991266] Cookie.py does not correctly quote Morsels

2016-04-25 Thread Berker Peksag

Berker Peksag added the comment:

Here is a patch for Python 3.

--
nosy: +berker.peksag
versions: +Python 3.5, Python 3.6 -Python 3.1, Python 3.2
Added file: http://bugs.python.org/file42589/issue991266.diff




[issue991266] Cookie.py does not correctly quote Morsels

2014-02-03 Thread Mark Lawrence

Changes by Mark Lawrence breamore...@yahoo.co.uk:


--
nosy:  -BreamoreBoy

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue991266
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue991266] Cookie.py does not correctly quote Morsels

2010-08-19 Thread Mark Lawrence

Mark Lawrence breamore...@yahoo.co.uk added the comment:

Can we have this committed, please? msg82420 says the patches are OK.

--




[issue991266] Cookie.py does not correctly quote Morsels

2010-07-15 Thread Mark Lawrence

Mark Lawrence breamore...@yahoo.co.uk added the comment:

Can someone please take a look at this Cookie.py two-line patch?

--
nosy: +BreamoreBoy




[issue991266] Cookie.py does not correctly quote Morsels

2010-07-15 Thread Mark Lawrence

Changes by Mark Lawrence breamore...@yahoo.co.uk:


--
versions: +Python 2.7, Python 3.1, Python 3.2 -Python 2.6




[issue991266] Cookie.py does not correctly quote Morsels

2009-02-18 Thread Zan Dobersek

Zan Dobersek zandober...@gmail.com added the comment:

This patch properly quotes the cookie's comment and successfully passes
test_cookie.py with the patch applied.

Added file: http://bugs.python.org/file13130/991266fix.patch




[issue991266] Cookie.py does not correctly quote Morsels

2009-02-18 Thread Daniel Diniz

Daniel Diniz aja...@gmail.com added the comment:

Thanks, Zan!

All tests pass with both patches applied. Test and fix look correct to me.

--
nosy: +ajaksu2
stage: test needed -> patch review




[issue991266] Cookie.py does not correctly quote Morsels

2009-02-14 Thread Zan Dobersek

Zan Dobersek zandober...@gmail.com added the comment:

This patch adds a Unicode character, converted to UTF-8, as a cookie's
comment and then checks if it is correctly quoted.

--
keywords: +patch
nosy: +zdobersek
Added file: http://bugs.python.org/file13085/991266test.patch




[issue991266] Cookie.py does not correctly quote Morsels

2009-02-13 Thread John J Lee

Changes by John J Lee jj...@users.sourceforge.net:


--
nosy:  -jjlee




[issue991266] Cookie.py does not correctly quote Morsels

2009-02-12 Thread Daniel Diniz

Changes by Daniel Diniz aja...@gmail.com:


--
nosy: +jjlee
stage:  -> test needed
type:  -> behavior
versions: +Python 2.6 -Python 2.3
