| -rw-r--r-- | docs/news.txt | 9 | ||||
| -rw-r--r-- | tests/test_cookies.py | 2 | ||||
| -rw-r--r-- | webob/cookies.py | 7 |
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/news.txt b/docs/news.txt
index 814a430..4dd6950 100644
--- a/docs/news.txt
+++ b/docs/news.txt
@@ -1,6 +1,15 @@
 News
 ====
+unreleased
+----------
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix a bug in ``SignedSerializer`` preventing secrets from containing
+ higher-order characters. See https://github.com/Pylons/webob/issues/136
+
 1.3.1 (2013-12-13)
 ------------------
diff --git a/tests/test_cookies.py b/tests/test_cookies.py
index aa54ed6..c956477 100644
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -591,7 +591,7 @@ def serialize(secret, salt, data):
 import json
 from hashlib import sha1
 from webob.compat import bytes_
- salted_secret = bytes_(salt or '') + bytes_(secret)
+ salted_secret = bytes_(salt or '', 'utf-8') + bytes_(secret, 'utf-8')
 cstruct = bytes_(json.dumps(data))
 sig = hmac.new(salted_secret, cstruct, sha1).digest()
 return base64.urlsafe_b64encode(sig + cstruct).rstrip(b'=')
diff --git a/webob/cookies.py b/webob/cookies.py
index 3aeb51f..87b8dde 100644
--- a/webob/cookies.py
+++ b/webob/cookies.py
@@ -489,7 +489,12 @@ class SignedSerializer(object):
 self.secret = secret
 self.hashalg = hashalg
- self.salted_secret = bytes_(salt or '') + bytes_(secret)
+ try:
+ # bwcompat with webob <= 1.3.1, leave latin-1 as the default
+ self.salted_secret = bytes_(salt or '') + bytes_(secret)
+ except UnicodeEncodeError:
+ self.salted_secret = (
+ bytes_(salt or '', 'utf-8') + bytes_(secret, 'utf-8'))
 self.digestmod = lambda string=b'': hashlib.new(self.hashalg, string)
 self.digest_size = self.digestmod().digest_size
|
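Review bot: The `serialize` test helper in tests/test_cookies.py now always encodes salt and secret as UTF-8, while the patched `SignedSerializer.__init__` in webob/cookies.py still tries the default encoding first (latin-1, per its own comment) and falls back to UTF-8 only on `UnicodeEncodeError`. For ASCII values the two agree, but for a secret whose non-ASCII characters all fit in latin-1 the helper would derive a different HMAC key than the library, so a test using such a secret would compare against the wrong signature. The helper should mirror the library's try/except rather than hard-code `'utf-8'`. The diffstat shows only this one line changing in the test file, so a regression test that round-trips a secret containing a character outside latin-1 appears to be missing for the new fallback path. The start of `serialize` lies outside the hunk.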
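Review bot: The fallback added to `SignedSerializer.__init__` in webob/cookies.py chooses the encoding for salt and secret together, so a single character outside latin-1 in either value switches both to UTF-8; a salt containing, say, `é` then yields different key bytes than it would next to an ASCII-only secret. That is deterministic, but the HMAC key now depends on an encoding choice that callers cannot see, which matters when another service or an older webob release has to verify the same cookies. I would expand the comment to say so, e.g. `# latin-1 first for bwcompat with webob <= 1.3.1; if salt or secret has a character outside latin-1, BOTH are encoded as UTF-8`, and note in the class docstring that passing the secret as bytes sidesteps the ambiguity (assuming `bytes_` passes bytes through unchanged, which the hunk does not show). `__init__` starts and ends outside the hunk.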
