Message127368
| Author |
carsten.klein |
| Recipients |
BM, BreamoreBoy, aclover, akuchling, carsten.klein, dstanek, georg.brandl, jerry.seutter, jjlee, karlcow, r.david.murray, tim.peters |
| Date |
2011年01月29日.01:47:51 |
| SpamBayes Score |
1.4040005e-09 |
| Marked as misclassified |
No |
| Message-id |
<1296265671.86.0.168621650243.issue2193@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
One more: if you look closer at the accepted patch by CMLENZ over @ t.e.o., you will find:
if self.req.headers_in.has_key('Cookie'):
- self.incookie.load(self.req.headers_in['Cookie'])
+ #self.incookie.load(self.req.headers_in['Cookie'])
+ cookie = self.req.headers_in['Cookie']
+ old_set = self.incookie._BaseCookie__set
+ bad_cookies = []
+ def safe_set(key, real_value, coded_value):
+ try:
+ old_set(key, real_value, coded_value)
+ except CookieError:
+ bad_cookies.append(key)
+ dict.__setitem__(self.incookie, key, None)
+ # override Cookie.set to ignore cookies with parse errors
+ self.incookie._BaseCookie__set = safe_set
+ # load the cookie values
+ self.incookie.load(cookie)
+ # clean up the Cookie.set overriding
+ self.incookie._BaseCookie__set = old_set
+ for key in bad_cookies:
+ del self.incookie[key]
+
which will eventually delete all cookies that do not match the original production rule.
Besides that, the original poster of the issue forgot to properly limit the cookies set by the other site to just a single host path, so these invalid cookies got routed to the trac instance running on some different host. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2011年01月29日 01:47:51 | carsten.klein | set | recipients:
+ carsten.klein, tim.peters, akuchling, georg.brandl, jjlee, dstanek, jerry.seutter, BM, aclover, r.david.murray, karlcow, BreamoreBoy |
| 2011年01月29日 01:47:51 | carsten.klein | set | messageid: <1296265671.86.0.168621650243.issue2193@psf.upfronthosting.co.za> |
| 2011年01月29日 01:47:51 | carsten.klein | link | issue2193 messages |
| 2011年01月29日 01:47:51 | carsten.klein | create |
|