From 70664e84cd1b2df9edd5514d69a1b1cd0bea93b6 Mon Sep 17 00:00:00 2001
From: Stefano Rivera <stefanor@debian.org>
Date: Sun, 11 Oct 2015 21:49:57 +0200
Subject: 01_ignore_invalid_cookies.diff
Patch-Name: 01_ignore_invalid_cookies.diff
---
cherrypy/_cphttptools.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cherrypy/_cphttptools.py b/cherrypy/_cphttptools.py
index 1f75c1c..8739454 100644
--- a/cherrypy/_cphttptools.py
+++ b/cherrypy/_cphttptools.py
@@ -200,7 +200,16 @@ class Request(object):
# Handle cookies differently because on Konqueror, multiple
# cookies come on different lines with the same key
if name.title() == 'Cookie':
- self.simple_cookie.load(value)
+ # Cookies with a colon (":") are invalid according to rfc2965
+ # and rfc2068. However if the browser send such a cookie, we
+ # want to ignore it and continue instead of returning an
+ # "500 Internal Server Error" error. More infos on:
+ # http://www.cherrypy.org/ticket/868
+ try:
+ self.simple_cookie.load(value)
+ except Cookie.CookieError, e:
+ cherrypy.log("Unable to load user's cookie. Cookie ignored.")
+
# Save original values (in case they get modified by filters)
# This feature is deprecated in 2.2 and will be removed in 2.3.
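Review bot: The `except Cookie.CookieError, e:` branch binds `e` but never uses it, so the log line gives no hint of which cookie was rejected. Something like `cherrypy.log("Unable to load user's cookie (%r). Cookie ignored." % str(e))` would record the parser's message, with `%r` keeping client-controlled header bytes from breaking the log line; `value` itself should stay out of the log because the header can carry session tokens. `load()` appears to parse the header incrementally, so cookies ahead of the invalid one probably remain in `self.simple_cookie` while those after it are dropped. A comment such as `# NOTE: load() may have stored some cookies before failing; later ones in this header are lost` would tell maintainers that a missing session cookie can be a side effect of this branch. The enclosing method starts and ends outside the hunk.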