[Zope3-checkins] SVN: Zope3/trunk/src/zope/publisher/ bugfix for issue http://www.zope.org/Collectors/Zope3-dev/450

Roger Ineichen roger at projekt01.ch
Wed Sep 14 20:43:59 EDT 2005 

Log message for revision 38476:
  bugfix for issue http://www.zope.org/Collectors/Zope3-dev/450
  Ignore CookieError and write the exception as a warn message 
  to the eventlog. Because we don't handle cookies with wrong 
  key, values.

Changed:
  U   Zope3/trunk/src/zope/publisher/http.py
  U   Zope3/trunk/src/zope/publisher/tests/test_http.py

-=-
Modified: Zope3/trunk/src/zope/publisher/http.py
===================================================================
--- Zope3/trunk/src/zope/publisher/http.py	2005-09-14 21:43:41 UTC (rev 38475)
+++ Zope3/trunk/src/zope/publisher/http.py	2005-09-15 00:43:59 UTC (rev 38476)
@@ -20,6 +20,8 @@
 from types import StringTypes, ClassType
 from cgi import escape
 from Cookie import SimpleCookie
+from Cookie import CookieError
+import logging
 
 from zope.deprecation import deprecation
 from zope.interface import implements
@@ -348,7 +350,14 @@
         if result is None:
             result = {}
 
-        c = SimpleCookie(text)
+        # ignore cookies on a CookieError
+        try:
+            c = SimpleCookie(text)
+        except CookieError, e:
+            log = logging.getLogger('eventlog')
+            log.warn(e)
+            return result
+
         for k,v in c.items():
             result[unicode(k, ENCODING)] = unicode(v.value, ENCODING)
 
@@ -852,7 +861,12 @@
         return location
 
     def _cookie_list(self):
-        c = SimpleCookie()
+        try:
+            c = SimpleCookie()
+        except CookieError, e:
+            log = logging.getLogger('eventlog')
+            log.warn(e)
+            return []
         for name, attrs in self._cookies.items():
             name = str(name)
             c[name] = attrs['value'].encode(ENCODING)

Modified: Zope3/trunk/src/zope/publisher/tests/test_http.py
===================================================================
--- Zope3/trunk/src/zope/publisher/tests/test_http.py	2005-09-14 21:43:41 UTC (rev 38475)
+++ Zope3/trunk/src/zope/publisher/tests/test_http.py	2005-09-15 00:43:59 UTC (rev 38476)
@@ -246,6 +246,25 @@
         # Reserved key
         self.failIf(req.cookies.has_key('path'))
 
+    def testCookieErrorToLog(self):
+        cookies = {
+            'HTTP_COOKIE':
+                'foo=bar; path=/; spam="eggs", ldap/OU="Williams"'
+        }
+        req = self._createRequest(extra_env=cookies)
+
+        self.failIf(req.cookies.has_key('foo'))
+        self.failIf(req.has_key('foo'))
+
+        self.failIf(req.cookies.has_key('spam'))
+        self.failIf(req.has_key('spam'))
+
+        self.failIf(req.cookies.has_key('ldap/OU'))
+        self.failIf(req.has_key('ldap/OU'))
+
+        # Reserved key
+        self.failIf(req.cookies.has_key('path'))
+
     def testCookiesUnicode(self):
         # Cookie values are assumed to be UTF-8 encoded
         cookies = {'HTTP_COOKIE': r'key="\342\230\243";'}

More information about the Zope3-Checkins mailing list