From 08002282e84394cb86508c51f2d7adfd1ece6da4 Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Sun, 8 May 2016 13:13:48 -0500 Subject: improve cookie parsing allows '/' to be within a cookie name removes deprecated cookie getter/setter fixes #1118 --- netlib/http/cookies.py | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'netlib/http/cookies.py') diff --git a/netlib/http/cookies.py b/netlib/http/cookies.py index caa84ff7..2d5c18ca 100644 --- a/netlib/http/cookies.py +++ b/netlib/http/cookies.py @@ -1,5 +1,6 @@ from six.moves import http_cookies as Cookie import re +import string from email.utils import parsedate_tz, formatdate, mktime_tz from .. import odict @@ -27,7 +28,6 @@ variants. Serialization follows RFC6265. # TODO: Disallow LHS-only Cookie values - def _read_until(s, start, term): """ Read until one of the characters in term is reached. @@ -203,25 +203,26 @@ def refresh_set_cookie_header(c, delta): Returns: A refreshed Set-Cookie string """ - try: - c = Cookie.SimpleCookie(str(c)) - except Cookie.CookieError: + + name, value, attrs = parse_set_cookie_header(c) + if not name or not value: raise ValueError("Invalid Cookie") - for i in c.values(): - if "expires" in i: - d = parsedate_tz(i["expires"]) - if d: - d = mktime_tz(d) + delta - i["expires"] = formatdate(d) - else: - # This can happen when the expires tag is invalid. - # reddit.com sends a an expires tag like this: "Thu, 31 Dec - # 2037 23:59:59 GMT", which is valid RFC 1123, but not - # strictly correct according to the cookie spec. Browsers - # appear to parse this tolerantly - maybe we should too. - # For now, we just ignore this. - del i["expires"] - ret = c.output(header="").strip() + + if "expires" in attrs: + e = parsedate_tz(attrs["expires"][0]) + if e: + f = mktime_tz(e) + delta + attrs["expires"] = [formatdate(f)] + else: + # This can happen when the expires tag is invalid. + # reddit.com sends a an expires tag like this: "Thu, 31 Dec + # 2037 23:59:59 GMT", which is valid RFC 1123, but not + # strictly correct according to the cookie spec. Browsers + # appear to parse this tolerantly - maybe we should too. + # For now, we just ignore this. + del attrs["expires"] + + ret = format_set_cookie_header(name, value, attrs) if not ret: raise ValueError("Invalid Cookie") return ret -- cgit v1.2.3 From e2ee48a0ee8e6f6426686f8f7b06570cea20b236 Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Mon, 9 May 2016 16:43:46 -0500 Subject: replace SimpleCookie with our own parser lib --- netlib/http/cookies.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'netlib/http/cookies.py') diff --git a/netlib/http/cookies.py b/netlib/http/cookies.py index 2d5c18ca..4451f1da 100644 --- a/netlib/http/cookies.py +++ b/netlib/http/cookies.py @@ -209,7 +209,7 @@ def refresh_set_cookie_header(c, delta): raise ValueError("Invalid Cookie") if "expires" in attrs: - e = parsedate_tz(attrs["expires"][0]) + e = parsedate_tz(attrs["expires"][-1]) if e: f = mktime_tz(e) + delta attrs["expires"] = [formatdate(f)] -- cgit v1.2.3