From: Benjamin Peterson Date: Sat, 23 May 2015 15:38:48 +0000 (-0500) Subject: merge 3.2 (#22931) X-Git-Tag: v3.4.4rc1~5^2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d504f20e1c30d7ee328e897e1bb93cba3d1db7a2;p=thirdparty%2FPython%2Fcpython.git merge 3.2 (#22931) --- d504f20e1c30d7ee328e897e1bb93cba3d1db7a2 diff --cc Lib/http/cookies.py index 556d101fb0e8,50aabd60d2a6..00082a6740ff --- a/Lib/http/cookies.py +++ b/Lib/http/cookies.py @@@ -433,20 -435,17 +434,20 @@@ _CookiePattern = re.compile(r"" (?x) # This is a verbose pattern \s* # Optional whitespace at start of cookie (?P # Start of group 'key' - """ + _LegalCharsPatt + r"""+? # Any word of at least one letter + [""" + _LegalKeyChars + r"""]+? # Any word of at least one letter ) # End of group 'key' - \s*=\s* # Equal Sign - (?P # Start of group 'val' - "(?:[^\\"]|\\.)*" # Any doublequoted string - | # or + ( # Optional group: there may not be a value. + \s*=\s* # Equal Sign + (?P # Start of group 'val' + "(?:[^\\"]|\\.)*" # Any doublequoted string + | # or \w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT # Special case for "expires" attr - | # or - [""" + _LegalValueChars + r"""]* # Any word or empty string - ) # End of group 'val' - \s*;? # Probably ending in a semi-colon + | # or - """ + _LegalCharsPatt + r"""* # Any word or empty string ++ [""" + _LegalValueChars + r"""]* # Any word or empty string + ) # End of group 'val' + )? # End of optional value group + \s* # Any number of spaces. + (\s+|;|$) # Ending either at space, semicolon, or EOS. """, re.ASCII) # May be removed if safe. diff --cc Lib/test/test_http_cookies.py index 76e5e9c4dadd,a0edcbfc901c..8d7c220c5b62 --- a/Lib/test/test_http_cookies.py +++ b/Lib/test/test_http_cookies.py @@@ -35,14 -35,19 +35,27 @@@ class CookieTests(unittest.TestCase) 'repr': "", 'output': 'Set-Cookie: keebler=E=mc2'}, + # Cookies with ':' character in their name. Though not mentioned in + # RFC, servers / browsers allow it. + + {'data': 'key:term=value:term', + 'dict': {'key:term' : 'value:term'}, + 'repr': "", + 'output': 'Set-Cookie: key:term=value:term'}, + + # issue22931 - Adding '[' and ']' as valid characters in cookie + # values as defined in RFC 6265 + { + 'data': 'a=b; c=[; d=r; f=h', + 'dict': {'a':'b', 'c':'[', 'd':'r', 'f':'h'}, + 'repr': "", + 'output': '\n'.join(( + 'Set-Cookie: a=b', + 'Set-Cookie: c=[', + 'Set-Cookie: d=r', + 'Set-Cookie: f=h' + )) + } ] for case in cases: diff --cc Misc/NEWS index 827d761bf9f6,b33c5a4169a4..0f969207d43d --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -22,32 -19,10 +22,34 @@@ Core and Builtin Library ------- + - Issue #22931: Allow '[' and ']' in cookie values. + +- Issue #24094: Fix possible crash in json.encode with poorly behaved dict + subclasses. + +- Issue #23367: Fix possible overflows in the unicodedata module. + +- Issue #23361: Fix possible overflow in Windows subprocess creation code. + +- Issue #23363: Fix possible overflow in itertools.permutations. + +- Issue #23364: Fix possible overflow in itertools.product. + +- Issue #23369: Fixed possible integer overflow in + _json.encode_basestring_ascii. + +- Issue #23366: Fixed possible integer overflow in itertools.combinations. + +- Issue #23365: Fixed possible integer overflow in + itertools.combinations_with_replacement. -What's New in Python 3.2.6? +C API +----- + +- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error + + +What's New in Python 3.3.6? =========================== *Release date: 11-Oct-2014*