Antoine Pitrou
b1e36073cd
Issue #22796 : HTTP cookie parsing is now stricter, in order to protect against potential injection attacks.
2014-11-21 01:20:57 +01:00
Serhiy Storchaka
8cf7c1cff0
Issue #22775 : Fixed unpickling of http.cookies.SimpleCookie with protocol 2
...
and above. Patch by Tim Graham.
2014-11-02 22:18:25 +02:00
Antoine Pitrou
7d0b8f95e7
Lax cookie parsing in http.cookies could be a security issue when combined
...
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Serhiy Storchaka
b992a0e102
Issue #19936 : Added executable bits or shebang lines to Python scripts which
...
requires them. Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface. Fixed
shebang line to use python3 executable in the unittestgui script.
2014-01-16 17:15:49 +02:00
R David Murray
cd0f74b1e0
#16611 : BaseCookie now parses 'secure' and 'httponly' flags.
...
Previously it generated them if they were given a value, but completely
ignored them if they were present in the string passed in to be parsed. Now
if the flag appears on a cookie, the corresponding Morsel key will reference a
True value. Other pre-existing behavior is retained in this maintenance
patch: if the source contains something like 'secure=foo', morsel['secure']
will return 'foo'. Since such a value doesn't round trip and never did (and
would be a surprising occurrence) a subsequent non-bug-fix patch may change
this behavior.
Inspired by a patch from Julien Phalip, who reviewed this one.
2013-08-25 11:09:02 -04:00
Senthil Kumaran
185f401308
merge - Fix for issue14426 - buildbots here I come
2012-05-20 16:58:59 +08:00
Senthil Kumaran
aeeba2629a
Fix for issue14426 - buildbots here I come
2012-05-20 16:58:30 +08:00
Senthil Kumaran
0b943a18ef
Issue #14426 : Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert
2012-05-20 12:06:51 +08:00
Senthil Kumaran
00c2ec282e
Issue #14426 : Correct the Date format in Expires attribute of Set-Cookie. Patch by Federico Reghenzani and Müte Invert
2012-05-20 12:05:16 +08:00
Senthil Kumaran
3a441c1bed
Fix Issue2193 - Allow ":" character in Cookie NAME values
2012-04-22 09:19:04 +08:00
R. David Murray
e05ca2aff4
#9824 : encode , and ; in cookie values so that browsers don't split on them
...
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
2010-12-28 18:54:13 +00:00
Georg Brandl
cbd2ab1311
#1513299 : cleanup some map() uses where a comprehension works better.
2010-12-04 10:39:14 +00:00
Georg Brandl
b16e38b825
#8826 : the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
2010-08-01 09:06:34 +00:00
Georg Brandl
76e155a157
#3788 : more tests for http.cookies, now at 95% coverage. Also bring coding style in the module up to PEP 8, where it does not break backwards compatibility.
2010-07-31 21:04:00 +00:00
Benjamin Peterson
90f5ba538b
convert shebang lines: python -> python3
2010-03-11 22:53:45 +00:00
Benjamin Peterson
8719ad5dde
Merged revisions 74277,74321,74323,74326,74355,74465,74467,74488,74492,74513,74531,74549,74553,74625,74632,74643-74644,74647,74652,74666,74671,74727,74739 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r74277 | sean.reifschneider | 2009-08-01 18:54:55 -0500 (Sat, 01 Aug 2009) | 3 lines
- Issue #6624 : yArg_ParseTuple with "s" format when parsing argument with
NUL: Bogus TypeError detail string.
........
r74321 | guilherme.polo | 2009-08-05 11:51:41 -0500 (Wed, 05 Aug 2009) | 1 line
Easier reference to find (at least while svn continues being used).
........
r74323 | guilherme.polo | 2009-08-05 18:48:26 -0500 (Wed, 05 Aug 2009) | 1 line
Typo.
........
r74326 | jesse.noller | 2009-08-05 21:05:56 -0500 (Wed, 05 Aug 2009) | 1 line
Fix issue 4660: spurious task_done errors in multiprocessing, remove doc note for from_address
........
r74355 | gregory.p.smith | 2009-08-12 12:02:37 -0500 (Wed, 12 Aug 2009) | 2 lines
comment typo fix
........
r74465 | vinay.sajip | 2009-08-15 18:23:12 -0500 (Sat, 15 Aug 2009) | 1 line
Added section on logging to one file from multiple processes.
........
r74467 | vinay.sajip | 2009-08-15 18:34:47 -0500 (Sat, 15 Aug 2009) | 1 line
Refined section on logging to one file from multiple processes.
........
r74488 | vinay.sajip | 2009-08-17 08:14:37 -0500 (Mon, 17 Aug 2009) | 1 line
Further refined section on logging to one file from multiple processes.
........
r74492 | r.david.murray | 2009-08-17 14:26:49 -0500 (Mon, 17 Aug 2009) | 2 lines
Issue 6685: 'toupper' -> 'upper' in cgi doc example explanation.
........
r74513 | skip.montanaro | 2009-08-18 09:37:52 -0500 (Tue, 18 Aug 2009) | 1 line
missing module ref (issue6723)
........
r74531 | vinay.sajip | 2009-08-20 17:04:32 -0500 (Thu, 20 Aug 2009) | 1 line
Added section on exceptions raised during logging.
........
r74549 | benjamin.peterson | 2009-08-24 12:42:36 -0500 (Mon, 24 Aug 2009) | 1 line
fix pdf building by teaching latex the right encoding package
........
r74553 | r.david.murray | 2009-08-26 20:04:59 -0500 (Wed, 26 Aug 2009) | 2 lines
Remove leftover text from end of sentence.
........
r74625 | benjamin.peterson | 2009-09-01 17:27:57 -0500 (Tue, 01 Sep 2009) | 1 line
remove the check that classmethod's argument is a callable
........
r74632 | georg.brandl | 2009-09-03 02:27:26 -0500 (Thu, 03 Sep 2009) | 1 line
#6828 : fix wrongly highlighted blocks.
........
r74643 | georg.brandl | 2009-09-04 01:59:20 -0500 (Fri, 04 Sep 2009) | 2 lines
Issue #2666 : Handle BROWSER environment variable properly for unknown browser names in the webbrowser module.
........
r74644 | georg.brandl | 2009-09-04 02:55:14 -0500 (Fri, 04 Sep 2009) | 1 line
#5047 : remove Monterey support from configure.
........
r74647 | georg.brandl | 2009-09-04 03:17:04 -0500 (Fri, 04 Sep 2009) | 2 lines
Issue #5275 : In Cookie's Cookie.load(), properly handle non-string arguments as documented.
........
r74652 | georg.brandl | 2009-09-04 06:25:37 -0500 (Fri, 04 Sep 2009) | 1 line
#6756 : add some info about the "acct" parameter.
........
r74666 | georg.brandl | 2009-09-05 04:04:09 -0500 (Sat, 05 Sep 2009) | 1 line
#6841 : remove duplicated word.
........
r74671 | georg.brandl | 2009-09-05 11:47:17 -0500 (Sat, 05 Sep 2009) | 1 line
#6843 : add link from filterwarnings to where the meaning of the arguments is covered.
........
r74727 | benjamin.peterson | 2009-09-08 18:04:22 -0500 (Tue, 08 Sep 2009) | 1 line
#6865 fix ref counting in initialization of pwd module
........
r74739 | georg.brandl | 2009-09-11 02:55:20 -0500 (Fri, 11 Sep 2009) | 1 line
Move function back to its section.
........
2009-09-11 22:24:02 +00:00
Georg Brandl
9cf32a12a1
Turn some comments into docstrings.
2009-09-04 08:28:01 +00:00
Georg Brandl
4eff9f7ff7
Remove pseudo-end markers from http.cookies.
2009-09-04 08:22:00 +00:00
Senthil Kumaran
3e2ea79bda
Fixing the issue4860. Escaping the embedded '"' in the js_output method of Morsel class.
2009-04-02 03:02:03 +00:00
Benjamin Peterson
35e661c711
Merged revisions 66262 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines
#1638033 : add support for httponly on Cookie.Morsel
Reviewer: Benjamin
........
2008-09-06 19:37:35 +00:00
Antoine Pitrou
fd036451bf
#2834 : Change re module semantics, so that str and bytes mixing is forbidden,
...
and str (unicode) patterns get full unicode matching by default. The re.ASCII
flag is also introduced to ask for ASCII matching instead.
2008-08-19 17:56:33 +00:00
Georg Brandl
6101395e74
Remove deprecated SmartCookie and SerialCookie classes.
2008-05-28 15:56:30 +00:00
Georg Brandl
2442015af2
Create http package. #2883 .
2008-05-26 16:32:26 +00:00