classification
Title: cookielib doesn't handle URLs with / in parameters
Type: behavior Stage:
Components: None Versions: Python 3.0, Python 2.6, Python 2.5
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: andyk, gregory.p.smith, jjlee, orsenthil
Priority: normal Keywords: needs review, patch

Created on 2008-08-27 17:01 by andyk, last changed 2008-10-16 03:20 by orsenthil.

Files
File name Uploaded Description
cookielib.py andyk, 2008-08-27 17:01 cookielib.py from 2.5.2 with my suggested fix
cookielib.diff gregory.p.smith, 2008-08-28 06:10 a diff generated from the above file
cookielib-querystring-fix.patch gregory.p.smith, 2008-08-28 06:39 patch with the fix and a unit test
Messages
msg72035 Author: Andy Kilpatrick (andyk) Date: 2008-08-27 17:01
cookielib doesn't handle URLs like
"http://server/script?err=/base/error.html&ok=/base/ok.html", as
CookieJar::_cookie_from_cookie_tuple uses rfind("/") to strip off the
end of the URL, returning
"http://server/script?err=/base/error.html&okc=/base" instead of
"http://server/script".

My suggested fix (attached, lines 1465-1468) is to first strip off
anything after "?" if present, then continue as with existing code.
msg72066 Author: Gregory P. Smith (gregory.p.smith) Date: 2008-08-28 06:39
Attached is a patch with the suggested fix along with a unit test.
msg72724 Author: Senthil (orsenthil) Date: 2008-09-07 00:38
The patch and tests look fine to me, Gregory. I verified it against the
trunk. Should not we have it for py3k as well?
msg72726 Author: Gregory P. Smith (gregory.p.smith) Date: 2008-09-07 00:57
Yep, it applies to all releases. Anyways, it won't make 2.6/3.0 but it
can be put into 2.5.3/2.6.1/3.0.1.
msg74824 Author: John J Lee (jjlee) Date: 2008-10-15 22:48
Do we have an RFC 3986 URI parser in the stdlib now?  It would be better
to use that if so, but I don't see one.  Failing that, an implementation
of the relevant part of that RFC is only about four lines of code, so
that would be better than naively looking for "?" (request_path should
probably be changed at the same time).

I'll try and add a patch that does that and check what Firefox does to
see if I agree it's a bug.
msg74827 Author: Senthil (orsenthil) Date: 2008-10-16 03:20
John, issue3647 tries relative URL parsing and joins to be RFC 3986
compliant.
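
The default-path behaviour discussed in this issue, as an added example that is not part of the thread, the attached patch, or cookielib itself. It assumes the Netscape-style rule (the default cookie path is the request path up to, but not including, its last "/"), uses urllib.parse.urlsplit as a stand-in for the URI parser asked about in msg74824, and uses a simplified prefix path-match; the function names and the second sample URL are hypothetical.

```python
from urllib.parse import urlsplit

# URL quoted in msg72035; the other URLs below are constructed samples.
REPORTED_URL = "http://server/script?err=/base/error.html&ok=/base/ok.html"


def parent_dir(target):
    """Everything before the last "/", or "/" when nothing is left."""
    i = target.rfind("/")
    return target[:i] if i > 0 else "/"


def default_path_naive(url):
    """Simplified model of the reported bug: the last "/" is searched for in
    path + query, so a "/" inside a parameter value wins."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return parent_dir(target)


def default_path_split(url):
    """Same rule applied to the path component only (query, fragment dropped)."""
    return parent_dir(urlsplit(url).path or "/")


def path_matches(cookie_path, url):
    """Simplified prefix path-match of a later request against a stored path."""
    req = urlsplit(url).path or "/"
    if req == cookie_path:
        return True
    return req.startswith(cookie_path) and (
        cookie_path.endswith("/") or req[len(cookie_path)] == "/")


def compare(set_url, later_url):
    """Return (naive path, fixed path, naive sent later?, fixed sent later?)."""
    naive, fixed = default_path_naive(set_url), default_path_split(set_url)
    return (naive, fixed,
            path_matches(naive, later_url), path_matches(fixed, later_url))


if __name__ == "__main__":
    for set_url, later in [
        (REPORTED_URL, "http://server/other"),
        ("http://server/app/login?next=/account/home", "http://server/app/settings"),
    ]:
        print(compare(set_url, later))
```

In this model the naive default path contains query-string text, so a cookie stored under it is never selected for later requests on the same site, while the path-only version scopes it to the directory of the script.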
History
Date User Action Args
2008-10-16 03:20:13 orsenthil set messages: + msg74827
2008-10-15 22:48:10 jjlee set nosy: + jjlee; messages: + msg74824
2008-09-07 00:57:24 gregory.p.smith set messages: + msg72726; versions: + Python 3.0
2008-09-07 00:38:11 orsenthil set nosy: + orsenthil; messages: + msg72724
2008-09-02 05:38:31 gregory.p.smith set versions: + Python 2.6
2008-08-28 06:39:54 gregory.p.smith set files: + cookielib-querystring-fix.patch; nosy: + gregory.p.smith; messages: + msg72066; priority: normal; assignee: gregory.p.smith; keywords: + needs review
2008-08-28 06:10:26 gregory.p.smith set files: + cookielib.diff; keywords: + patch
2008-08-27 17:01:40 andyk create