#18403 closed Bug (fixed)
Issue with redefined SimpleCookie with invalid cookie name
Reported by: | Owned by: | Ivan Kolodyazhny | |
---|---|---|---|
Component: | HTTP handling | Version: | 1.4 |
Severity: | Normal | Keywords: | cookie |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
To provoke the error:
from django.http import HttpResponse response= HttpResponse() response.set_cookie("a:.b/",1) > AttributeError: 'SimpleCookie' object has no attribute 'bad_cookies'
with a python version that does not accept colons (":") in the cookie name.
Django http/init.py redefines the SimpleCookie, and initializes bad_cookies
in a method load(self, rawdata)
that does not seem to be called in this case.
Beside the obvious fact that the cookie name is totally invalid, it looks like bad_cookies
is not correctly initialized (I wouldn't mind an error, but a real one!)
Or am I using set_cookie uncorrectly here?
Change History (8)
comment:1 by , 13 years ago
Description: | modified (diff) |
---|
comment:2 by , 13 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:3 by , 11 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:5 by , 11 years ago
Needs tests: | unset |
---|
Test was added, but fails on Python 3. Python 3 appears to fail loudly on a bad cookie key rather than storing the key in bad_cookies
. Question is whether Django should catch this exception to maintain the same behavior as Python 2 or if we should simply skip the new test on Python 3.
comment:6 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:7 by , 11 years ago
I'm having this issue in Django 1.6.1 - is this really fixed !?
response = HttpResponse(json.dumps(result)) response.set_cookie(response, '123', expires=expires)
Internal Server Error: /goodies/ajax/authenticate_goody/ Traceback (most recent call last): File "/Users/rothfuchs/Documents/workspace/mygoody/pyenv/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/Users/rothfuchs/Documents/workspace/mygoody/goodies/ajax.py", line 30, in authenticate_goody response.set_cookie(response, '123', expires=expires) File "/Users/rothfuchs/Documents/workspace/mygoody/pyenv/lib/python2.7/site-packages/django/http/response.py", line 229, in set_cookie self.cookies[key] = value File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/Cookie.py", line 592, in __setitem__ self.__set(key, rval, cval) File "/Users/rothfuchs/Documents/workspace/mygoody/pyenv/lib/python2.7/site-packages/django/http/cookie.py", line 67, in _BaseCookie__set self.bad_cookies.add(key) AttributeError: 'SimpleCookie' object has no attribute 'bad_cookies'
comment:8 by , 11 years ago
If you look at the commit above, you'll see it's present on master/1.7a1. It won't be backported to 1.6 as it's not a regression (ticket was open 20 months before it was fixed).
Here is pull request with fix https://github.com/django/django/pull/1605