Carsten Klein <carsten.kl...@axn-software.de> added the comment:

One more: if you look closer at the accepted patch by CMLENZ over @ t.e.o., you 
will find:


         if self.req.headers_in.has_key('Cookie'):
-            self.incookie.load(self.req.headers_in['Cookie'])
+            #self.incookie.load(self.req.headers_in['Cookie'])
+            cookie = self.req.headers_in['Cookie']
+            old_set = self.incookie._BaseCookie__set
+            bad_cookies = []
+            def safe_set(key, real_value, coded_value):
+                try:
+                    old_set(key, real_value, coded_value)
+                except CookieError:
+                    bad_cookies.append(key)
+                    dict.__setitem__(self.incookie, key, None)
+            # override Cookie.set to ignore cookies with parse errors
+            self.incookie._BaseCookie__set = safe_set
+           # load the cookie values
+            self.incookie.load(cookie)
+            # clean up the Cookie.set overriding
+            self.incookie._BaseCookie__set = old_set
+            for key in bad_cookies:
+                del self.incookie[key]
+
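Review bot: the restore at `self.incookie._BaseCookie__set = old_set` runs only if `self.incookie.load(cookie)` returns normally, so any exception from `load()` other than the `CookieError` caught inside `safe_set` leaves the override installed on `self.incookie`. Put the load in a try/finally with the restore in the finally clause. The hook also depends on the name-mangled private attribute `_BaseCookie__set`, an implementation detail of the Cookie module, so a comment stating that dependency would help whoever has to maintain this. The keys collected in `bad_cookies` are dropped silently; logging them would make rejected cookies visible to an operator. Finally, the commented-out `#self.incookie.load(...)` line should be deleted rather than kept, and the `# load the cookie values` comment is indented one column short of the surrounding block.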


which will eventually delete all cookies that do not match the original 
production rule.

Besides that, the original poster of the issue forgot to properly limit the 
cookies set by the other site to just a single host path, so these invalid 
cookies got routed to the trac instance running on some different host.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue2193>
_______________________________________