bpo-35647: Fix path check in cookiejar (GH-11436)
* Refactor cookie path check as per RFC 6265
* Add tests for prefix match of path
* Add news entry
* Fix set_ok_path and refactor tests
* Use slice for last letter
(cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
Co-authored-by: Xtreak <tir.karthi@gmail.com>
diff --git a/Lib/http/cookiejar.py b/Lib/http/cookiejar.py
index 00cb125..d63544a 100644
--- a/Lib/http/cookiejar.py
+++ b/Lib/http/cookiejar.py
@@ -990,7 +990,7 @@
req_path = request_path(request)
if ((cookie.version > 0 or
(cookie.version == 0 and self.strict_ns_set_path)) and
- not req_path.startswith(cookie.path)):
+ not self.path_return_ok(cookie.path, request)):
_debug(" path attribute %s is not a prefix of request "
"path %s", cookie.path, req_path)
return False
@@ -1197,11 +1197,15 @@
def path_return_ok(self, path, request):
_debug("- checking cookie path=%s", path)
req_path = request_path(request)
- if not req_path.startswith(path):
- _debug(" %s does not path-match %s", req_path, path)
- return False
- return True
+ pathlen = len(path)
+ if req_path == path:
+ return True
+ elif (req_path.startswith(path) and
+ (path.endswith("/") or req_path[pathlen:pathlen+1] == "/")):
+ return True
+ _debug(" %s does not path-match %s", req_path, path)
+ return False
def vals_sorted_by_key(adict):
keys = sorted(adict.keys())