diff options
| author | Georg Brandl <georg@python.org> | 2010-05-22 11:29:19 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2010-05-22 11:29:19 (GMT) |
| commit | 5d0ca2c8323b39e392c0c0bd31340cc3e1113c97 (patch) | |
| tree | 1601fff6f5da3b4163e13c562a6e7a1e99280302 /Lib/cookielib.py | |
| parent | f93ce0c1f53bf8507eb970b7113c93994ce682a0 (diff) | |
| download | cpython-5d0ca2c8323b39e392c0c0bd31340cc3e1113c97.zip cpython-5d0ca2c8323b39e392c0c0bd31340cc3e1113c97.tar.gz cpython-5d0ca2c8323b39e392c0c0bd31340cc3e1113c97.tar.bz2 | |
Issue #3924: Ignore cookies with invalid "version" field in cookielib.
Diffstat (limited to 'Lib/cookielib.py')
| -rw-r--r-- | Lib/cookielib.py | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/Lib/cookielib.py b/Lib/cookielib.py index 6b59794..eed45f6 100644 --- a/Lib/cookielib.py +++ b/Lib/cookielib.py @@ -434,6 +434,13 @@ def join_header_words(lists): if attr: headers.append("; ".join(attr)) return ", ".join(headers) +def strip_quotes(text): + if text.startswith('"'): + text = text[1:] + if text.endswith('"'): + text = text[:-1] + return text + def parse_ns_headers(ns_headers): """Ad-hoc parser for Netscape protocol cookie-attributes. @@ -451,7 +458,7 @@ def parse_ns_headers(ns_headers): """ known_attrs = ("expires", "domain", "path", "secure", # RFC 2109 attrs (may turn up in Netscape cookies, too) - "port", "max-age") + "version", "port", "max-age") result = [] for ns_header in ns_headers: @@ -471,12 +478,11 @@ def parse_ns_headers(ns_headers): k = lc if k == "version": # This is an RFC 2109 cookie. + v = strip_quotes(v) version_set = True if k == "expires": # convert expires date to seconds since epoch - if v.startswith('"'): v = v[1:] - if v.endswith('"'): v = v[:-1] - v = http2time(v) # None if invalid + v = http2time(strip_quotes(v)) # None if invalid pairs.append((k, v)) if pairs: @@ -1450,7 +1456,11 @@ class CookieJar: # set the easy defaults version = standard.get("version", None) - if version is not None: version = int(version) + if version is not None: + try: + version = int(version) + except ValueError: + return None # invalid version, ignore cookie secure = standard.get("secure", False) # (discard is also set if expires is Absent) discard = standard.get("discard", False) |