from:"Simon Blanchard"

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread Simon Blanchard


New submission from Simon Blanchard:

_LegalCharsPatt  = r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"

The above regex in cookies.py includes the the comma character but RFC 6265 
https://tools.ietf.org/html/rfc6265 section 4.1.1 says:

 cookie-octet  = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
   ; US-ASCII characters excluding CTLs,
   ; whitespace DQUOTE, comma, semicolon,
   ; and backslash

That is, no comma.

--
components: Library (Lib)
messages: 174183
nosy: Simon.Blanchard
priority: normal
severity: normal
status: open
title: _LegalCharsPatt in cookies.py includes illegal characters
type: behavior
versions: Python 2.7, Python 3.3

___
Python tracker 
<http://bugs.python.org/issue16362>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread Simon Blanchard


Simon Blanchard added the comment:

I have a real world example. Using Apache, mod_wsgi and Django. Given this in 
the META dict:

 'HTTP_COOKIE': 'yaean_djsession=23ab7bf8b260cbb2f2bc80b1c1fd98fa, 
yaean_yasession=ff2a3030ee3f428f91c6f554a63b459c',

Django via the Python cookie api gives this:

COOKIES:{'yaean_djsession': '23ab7bf8b260cbb2f2bc80b1c1fd98fa,',
 'yaean_yasession': 'ff2a3030ee3f428f91c6f554a63b459c'},

Note the comma on the end of the cookie named yaean_djsession in COOKIES. It 
should not be there. In this case session lookup fails.

--

___
Python tracker 
<http://bugs.python.org/issue16362>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-31 Thread Simon Blanchard


Simon Blanchard added the comment:

'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Baiduspider/2.0; 
+http://www.baidu.com/search/spider.html)',

It's the Baidu spider according to the user agent string. (Baidu is the biggest 
search engine in China.) The serving app is Django + mod_wsgi + Apache - which 
I think must be OK. I guess the Baidu spider is broken?

Thanks

--

___
Python tracker 
<http://bugs.python.org/issue16362>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

3 matches

Site Navigation

Mail list logo

Footer information