[Zope-Checkins] SVN: Zope/branches/haufe-legacy-integration/ - Launchpad #374729: Encoding cookie values to avoid issues with

Andreas Jung andreas at andreas-jung.com
Mon May 11 04:38:12 EDT 2009 

Log message for revision 99836:
  - Launchpad #374729: Encoding cookie values to avoid issues with
    firewalls and security proxies.
  

Changed:
  U   Zope/branches/haufe-legacy-integration/doc/CHANGES.rst
  U   Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPRequest.py
  U   Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPResponse.py

-=-
Modified: Zope/branches/haufe-legacy-integration/doc/CHANGES.rst
===================================================================
--- Zope/branches/haufe-legacy-integration/doc/CHANGES.rst	2009-05-11 08:07:25 UTC (rev 99835)
+++ Zope/branches/haufe-legacy-integration/doc/CHANGES.rst	2009-05-11 08:38:11 UTC (rev 99836)
@@ -23,8 +23,11 @@
 Features Added
 ++++++++++++++
 
+- Launchpad #374729: Encoding cookie values to avoid issues with
+  firewalls and security proxies.
+
 - Launchpad #374719: introducing new ZPublisher events:
-  PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit
+  PubStart, PubSuccess, PubFailure, PubAfterTraversal and PubBeforeCommit.
 
 - Launchpad #373583: ZODBMountPoint - fixed broken mount support and 
   extended the test suite.

Modified: Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPRequest.py	2009-05-11 08:07:25 UTC (rev 99835)
+++ Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPRequest.py	2009-05-11 08:38:11 UTC (rev 99836)
@@ -1684,7 +1684,7 @@
         release()
 
     if not already_have(name):
-        result[name] = value
+        result[name] = unquote(value)
 
     return apply(parse_cookie,(text[l:],result))
 

Modified: Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPResponse.py
===================================================================
--- Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPResponse.py	2009-05-11 08:07:25 UTC (rev 99835)
+++ Zope/branches/haufe-legacy-integration/src/ZPublisher/HTTPResponse.py	2009-05-11 08:38:11 UTC (rev 99836)
@@ -23,6 +23,7 @@
 from zExceptions.ExceptionFormatter import format_exception
 from ZPublisher import BadRequest, InternalError, NotFound
 from cgi import escape
+from urllib import quote
 
 nl2sp = maketrans('\n',' ')
 
@@ -842,7 +843,7 @@
             # quoted cookie attr values, so only the value part
             # of name=value pairs may be quoted.
 
-            cookie = 'Set-Cookie: %s="%s"' % (name, attrs['value'])
+            cookie = 'Set-Cookie: %s="%s"' % (name, quote(attrs['value']))
             for name, v in attrs.items():
                 name = name.lower()
                 if name == 'expires':

More information about the Zope-Checkins mailing list