[Zope-Checkins] CVS: Zope/lib/python/ZPublisher - BaseResponse.py:1.15 HTTPRequest.py:1.78 HTTPResponse.py:1.67
R. David Murray
bitz@bitdance.com
Wed, 14 Aug 2002 12:45:53 -0400
Update of /cvs-repository/Zope/lib/python/ZPublisher
In directory cvs.zope.org:/tmp/cvs-serv32636
Modified Files:
BaseResponse.py HTTPRequest.py HTTPResponse.py
Log Message:
Quote cookie values when accepting them, and unquote them when
receiving them. This is required to comply with the spec for
cookies, which requires escaping of at least : and blank spaces.
I changed the setCookie routine in both BaseResponse and HTTPResponse
to keep them indentical. Since they *are* identical, one would think
that one of them could be eliminated.
=== Zope/lib/python/ZPublisher/BaseResponse.py 1.14 => 1.15 ===
--- Zope/lib/python/ZPublisher/BaseResponse.py:1.14 Sat Jun 22 10:04:56 2002
+++ Zope/lib/python/ZPublisher/BaseResponse.py Wed Aug 14 12:45:53 2002
@@ -16,6 +16,7 @@
__version__ = '$Revision$'[11:-2]
import types, sys
+from urllib import quote_plus
from types import StringType, InstanceType
from zExceptions import Unauthorized
@@ -71,6 +72,10 @@
cookie-enabled browsers with a key "name" and value
"value". This overwrites any previously set value for the
cookie in the Response object.
+
+ The value is quoted using urllib's url_quote_plus, which
+ quoting will be undone when the value is accessed through
+ REQUEST in a later transaction.
'''
cookies = self.cookies
if cookies.has_key(name):
@@ -79,7 +84,7 @@
cookie = cookies[name] = {}
for k, v in kw.items():
cookie[k] = v
- cookie['value'] = value
+ cookie['value'] = quote_plus(value)
def appendBody(self, body):
self.setBody(self.getBody() + body)
=== Zope/lib/python/ZPublisher/HTTPRequest.py 1.77 => 1.78 ===
--- Zope/lib/python/ZPublisher/HTTPRequest.py:1.77 Thu Aug 1 14:42:01 2002
+++ Zope/lib/python/ZPublisher/HTTPRequest.py Wed Aug 14 12:45:53 2002
@@ -17,7 +17,7 @@
from BaseRequest import BaseRequest
from HTTPResponse import HTTPResponse
from cgi import FieldStorage, escape
-from urllib import quote, unquote, splittype, splitport
+from urllib import quote, unquote, unquote_plus, splittype, splitport
from copy import deepcopy
from Converters import get_converter
from TaintedString import TaintedString
@@ -1458,7 +1458,7 @@
finally: release()
- if not already_have(name): result[name]=value
+ if not already_have(name): result[name]=unquote_plus(value)
return apply(parse_cookie,(text[l:],result))
=== Zope/lib/python/ZPublisher/HTTPResponse.py 1.66 => 1.67 ===
--- Zope/lib/python/ZPublisher/HTTPResponse.py:1.66 Sat Jun 22 11:49:59 2002
+++ Zope/lib/python/ZPublisher/HTTPResponse.py Wed Aug 14 12:45:53 2002
@@ -17,6 +17,7 @@
import types, os, sys, re
import zlib, struct
+from urllib import quote_plus
from string import translate, maketrans
from types import StringType, InstanceType, LongType, UnicodeType
from BaseResponse import BaseResponse
@@ -491,6 +492,10 @@
cookie-enabled browsers with a key "name" and value
"value". This overwrites any previously set value for the
cookie in the Response object.
+
+ The value is quoted using urllib's url_quote_plus, which
+ quoting will be undone when the value is accessed through
+ REQUEST in a later transaction.
'''
cookies = self.cookies
if cookies.has_key(name):
@@ -499,7 +504,7 @@
cookie = cookies[name] = {}
for k, v in kw.items():
cookie[k] = v
- cookie['value'] = value
+ cookie['value'] = quote_plus(value)
def appendHeader(self, name, value, delimiter=","):
'''\