diff options
| author | Bert JW Regeer <bertjw@regeer.org> | 2014-11-12 16:51:40 -0700 |
|---|---|---|
| committer | Bert JW Regeer <bertjw@regeer.org> | 2015-03-22 21:36:44 -0600 |
| commit | 6804b1389ff9e58b8a900c3a12d5fe01efae306e (patch) | |
| tree | 1fb58f95e500a92e3ceef181009468dd8449b379 | |
| parent | da7e8a4963c16e4bbafce624b4a53f2c129c84ff (diff) | |
| download | webob-6804b1389ff9e58b8a900c3a12d5fe01efae306e.tar.gz | |
Until such a time that we can deprecate this, warn
Someday we can get rid of this mess and just be strict about what we
send, but until such a day we want to warn people that it is going to
happen in the future.
| -rw-r--r-- | tests/test_cookies.py | 10 | ||||
| -rw-r--r-- | tests/test_cookies_bw.py | 26 | ||||
| -rw-r--r-- | webob/cookies.py | 22 |
3 files changed, 57 insertions, 1 deletions
diff --git a/tests/test_cookies.py b/tests/test_cookies.py index 9e30d83..7968307 100644 --- a/tests/test_cookies.py +++ b/tests/test_cookies.py @@ -7,6 +7,8 @@ import unittest from webob.compat import native_ from webob.compat import PY3 +cookies._should_raise = True + def test_cookie_empty(): c = cookies.Cookie() # empty cookie eq_(repr(c), '<Cookie: []>') @@ -446,6 +448,14 @@ class CookieProfileTest(CommonCookieProfile): self.assertEqual(ret, "test") + def test_with_invalid_cookies(self): + request = self.makeOneRequest() + request.cookies['uns'] = 'InRlc3Q' + cookie = self.makeOne(request=request) + ret = cookie.get_value() + + self.assertEqual(ret, None) + class SignedCookieProfileTest(CommonCookieProfile): def makeOne(self, secret='seekrit', salt='salty', name='uns', **kw): if 'request' in kw: diff --git a/tests/test_cookies_bw.py b/tests/test_cookies_bw.py new file mode 100644 index 0000000..92ce48c --- /dev/null +++ b/tests/test_cookies_bw.py @@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +from datetime import timedelta +from webob import cookies +from webob.compat import text_ +from nose.tools import (eq_, assert_raises) +import unittest +from webob.compat import native_ +from webob.compat import PY3 + +import warnings + +def test_invalid_cookie_space(): + cookies._should_raise = False + + with warnings.catch_warnings(record=True) as w: + # Cause all warnings to always be triggered. + warnings.simplefilter("always") + # Trigger a warning. + + cookies._value_quote(b'hello world') + + assert len(w) == 1 + assert issubclass(w[-1].category, DeprecationWarning) + assert "ValueError" in str(w[-1].message) + + cookies._should_raise = True diff --git a/webob/cookies.py b/webob/cookies.py index aa9680c..9b85a0b 100644 --- a/webob/cookies.py +++ b/webob/cookies.py @@ -13,6 +13,7 @@ from datetime import ( import re import string import time +import warnings from webob.compat import ( PY3, @@ -371,12 +372,31 @@ weekdays = ('Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun') months = (None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec') + +# This is temporary, until we can remove this from _value_quote +_should_raise = None + +def __warn_or_raise(text, warn_class, to_raise, raise_reason): + if _should_raise: + raise to_raise(raise_reason) + + else: + warnings.warn(text, warn_class, stacklevel=2) + + def _value_quote(v): # This looks scary, but is simple. We remove all valid characters from the # string, if we end up with leftovers (string is longer than 0, we have # invalid characters in our value) if v.translate(None, _allowed_cookie_bytes): - raise ValueError('Invalid characters in cookie value') + __warn_or_raise( + "Cookie value contains invalid bytes: (%s). Future versions " + "will raise ValueError upon encountering invalid bytes." % + (v.translate(None, _allowed_cookie_bytes),), + DeprecationWarning, ValueError, 'Invalid characters in cookie value' + ) + #raise ValueError('Invalid characters in cookie value') + return b'"' + b''.join(map(_escape_char, v)) + b'"' return v |