[Python-checkins] cpython (2.7): Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
berker.peksag
python-checkins at python.org
Wed Jul 2 09:48:42 CEST 2014
http://hg.python.org/cpython/rev/0ba6ebd90b9d
changeset: 91523:0ba6ebd90b9d
branch: 2.7
parent: 91517:6cbb97f039bd
user: Berker Peksag <berker.peksag at gmail.com>
date: Wed Jul 02 10:48:27 2014 +0300
summary:
Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
Backport of issue #16611.
files:
Lib/Cookie.py | 15 +++++++-
Lib/test/test_cookie.py | 45 +++++++++++++++++++++++++++++
Misc/NEWS | 3 +
3 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/Lib/Cookie.py b/Lib/Cookie.py
--- a/Lib/Cookie.py
+++ b/Lib/Cookie.py
@@ -426,6 +426,8 @@
"version" : "Version",
}
+ _flags = {'secure', 'httponly'}
+
def __init__(self):
# Set defaults
self.key = self.value = self.coded_value = None
@@ -532,6 +534,7 @@
r"(?P<key>" # Start of group 'key'
""+ _LegalCharsPatt +"+?" # Any word of at least one letter, nongreedy
r")" # End of group 'key'
+ r"(" # Optional group: there may not be a value.
r"\s*=\s*" # Equal Sign
r"(?P<val>" # Start of group 'val'
r'"(?:[^\\"]|\\.)*"' # Any doublequoted string
@@ -540,7 +543,9 @@
r"|" # or
""+ _LegalCharsPatt +"*" # Any word or empty string
r")" # End of group 'val'
- r"\s*;?" # Probably ending in a semi-colon
+ r")?" # End of optional value group
+ r"\s*" # Any number of spaces.
+ r"(\s+|;|$)" # Ending either at space, semicolon, or EOS.
)
@@ -656,8 +661,12 @@
M[ K[1:] ] = V
elif K.lower() in Morsel._reserved:
if M:
- M[ K ] = _unquote(V)
- else:
+ if V is None:
+ if K.lower() in Morsel._flags:
+ M[K] = True
+ else:
+ M[K] = _unquote(V)
+ elif V is not None:
rval, cval = self.value_decode(V)
self.__set(K, rval, cval)
M = self[K]
diff --git a/Lib/test/test_cookie.py b/Lib/test/test_cookie.py
--- a/Lib/test/test_cookie.py
+++ b/Lib/test/test_cookie.py
@@ -80,6 +80,51 @@
self.assertEqual(C.output(['val']),
'Set-Cookie: val="some\\054funky\\073stuff"')
+ def test_set_secure_httponly_attrs(self):
+ C = Cookie.SimpleCookie('Customer="WILE_E_COYOTE"')
+ C['Customer']['secure'] = True
+ C['Customer']['httponly'] = True
+ self.assertEqual(C.output(),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
+
+ def test_secure_httponly_false_if_not_present(self):
+ C = Cookie.SimpleCookie()
+ C.load('eggs=scrambled; Path=/bacon')
+ self.assertFalse(C['eggs']['httponly'])
+ self.assertFalse(C['eggs']['secure'])
+
+ def test_secure_httponly_true_if_present(self):
+ # Issue 16611
+ C = Cookie.SimpleCookie()
+ C.load('eggs=scrambled; httponly; secure; Path=/bacon')
+ self.assertTrue(C['eggs']['httponly'])
+ self.assertTrue(C['eggs']['secure'])
+
+ def test_secure_httponly_true_if_have_value(self):
+ # This isn't really valid, but demonstrates what the current code
+ # is expected to do in this case.
+ C = Cookie.SimpleCookie()
+ C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon')
+ self.assertTrue(C['eggs']['httponly'])
+ self.assertTrue(C['eggs']['secure'])
+ # Here is what it actually does; don't depend on this behavior. These
+ # checks are testing backward compatibility for issue 16611.
+ self.assertEqual(C['eggs']['httponly'], 'foo')
+ self.assertEqual(C['eggs']['secure'], 'bar')
+
+ def test_bad_attrs(self):
+ # Issue 16611: make sure we don't break backward compatibility.
+ C = Cookie.SimpleCookie()
+ C.load('cookie=with; invalid; version; second=cookie;')
+ self.assertEqual(C.output(),
+ 'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie')
+
+ def test_extra_spaces(self):
+ C = Cookie.SimpleCookie()
+ C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ')
+ self.assertEqual(C.output(),
+ 'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
+
def test_quoted_meta(self):
# Try cookie with quoted meta-data
C = Cookie.SimpleCookie()
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
Library
-------
+- Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
+ Backport of issue #16611.
+
What's New in Python 2.7.8?
===========================
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list