diff options
| -rw-r--r-- | Lib/http/cookies.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_http_cookies.py | 6 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 10 insertions, 1 deletions
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py index fda02b7..dbddd6c 100644 --- a/Lib/http/cookies.py +++ b/Lib/http/cookies.py @@ -174,7 +174,7 @@ _Translator.update({ ord('\\'): '\\\\', }) -_is_legal_key = re.compile('[%s]+' % _LegalChars).fullmatch +_is_legal_key = re.compile('[%s]+' % re.escape(_LegalChars)).fullmatch def _quote(str): r"""Quote a string for use in a cookie header. diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py index d3e06a4..2432e0b 100644 --- a/Lib/test/test_http_cookies.py +++ b/Lib/test/test_http_cookies.py @@ -210,6 +210,12 @@ class CookieTests(unittest.TestCase): C1 = pickle.loads(pickle.dumps(C, protocol=proto)) self.assertEqual(C1.output(), expected_output) + def test_illegal_chars(self): + rawdata = "a=b; c,d=e" + C = cookies.SimpleCookie() + with self.assertRaises(cookies.CookieError): + C.load(rawdata) + class MorselTests(unittest.TestCase): """Tests for the Morsel object.""" @@ -10,6 +10,9 @@ Release date: tba Core and Builtins ----------------- +- Issue #26302: Correct behavior to reject comma as a legal character for + cookie names. + - Issue #4806: Avoid masking the original TypeError exception when using star (*) unpacking in function calls. Based on patch by Hagen Fürstenau and Daniel Urban. |