From bab4143348f2185c1a9a778a281ef84d46307842 Mon Sep 17 00:00:00 2001 From: Raymond Hettinger Date: Sat, 5 Feb 2005 01:31:19 +0000 Subject: SF patch #1116583: NameError in cookielib domain check --- Lib/cookielib.py | 7 +++---- Misc/ACKS | 1 + Misc/NEWS | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Lib/cookielib.py b/Lib/cookielib.py index a125b21..86479f8 100644 --- a/Lib/cookielib.py +++ b/Lib/cookielib.py @@ -1134,11 +1134,10 @@ class DefaultCookiePolicy(CookiePolicy): # having to load lots of MSIE cookie files unless necessary. req_host, erhn = eff_request_host(request) if not req_host.startswith("."): - dotted_req_host = "."+req_host + req_host = "."+req_host if not erhn.startswith("."): - dotted_erhn = "."+erhn - if not (dotted_req_host.endswith(domain) or - dotted_erhn.endswith(domain)): + erhn = "."+erhn + if not (req_host.endswith(domain) or erhn.endswith(domain)): #debug(" request domain %s does not match cookie domain %s", # req_host, domain) return False diff --git a/Misc/ACKS b/Misc/ACKS index 3c192ad..19e1ded 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -399,6 +399,7 @@ Luke Mewburn Mike Meyer Steven Miale Trent Mick +Chad Miller Roman Milner Dom Mitchell Doug Moen diff --git a/Misc/NEWS b/Misc/NEWS index d816bcc..9d3e9c0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -51,6 +51,8 @@ Extension Modules Library ------- +- Fixed bug in a NameError bug in cookielib. Patch #1116583. + - Applied a security fix to SimpleXMLRPCserver (PSF-2005-001). This disables recursive traversal through instance attributes, which can be exploited in various ways. -- cgit v0.12