Message 230205 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	georg.brandl
Recipients	Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date	2014-10-29.11:30:15
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<[email protected]>
In-reply-to

Content
OK, so there are two root issues here: * Django uses __init__(str()) roundtripping, which is not explicitly supported by the library, and worked by accident with previous versions. That it works again with 3.3+ is another accident, and a bug. (The change for #16611 reintroduces "lax" parsing behavior that the security fix was supposed to prevent.) * BaseCookie doesn't roundtrip correctly when pickled with protocol >= 2. This should be fixed in upcoming bugfix releases. I would advise Django to subclass SimpleCookie and fix the pickling issue, which is not hard (see attached diff).

OK, so there are two root issues here:

* Django uses __init__(str()) roundtripping, which is not explicitly supported by the library, and worked by accident with previous versions.  That it works again with 3.3+ is another accident, and a bug.

(The change for #16611 reintroduces "lax" parsing behavior that the security fix was supposed to prevent.)

* BaseCookie doesn't roundtrip correctly when pickled with protocol >= 2.  This should be fixed in upcoming bugfix releases.

I would advise Django to subclass SimpleCookie and fix the pickling issue, which is not hard (see attached diff).

History
Date	User	Action	Args
2014-10-29 11:30:16	georg.brandl	set	recipients: + georg.brandl, pitrou, r.david.murray, berker.peksag, Tim.Graham
2014-10-29 11:30:16	georg.brandl	set	messageid: <[email protected]>
2014-10-29 11:30:16	georg.brandl	link	issue22758 messages
2014-10-29 11:30:16	georg.brandl	create