Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 1 | #### |
| 2 | # Copyright 2000 by Timothy O'Malley <timo@alum.mit.edu> |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 3 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 4 | # All Rights Reserved |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 5 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 6 | # Permission to use, copy, modify, and distribute this software |
| 7 | # and its documentation for any purpose and without fee is hereby |
| 8 | # granted, provided that the above copyright notice appear in all |
| 9 | # copies and that both that copyright notice and this permission |
| 10 | # notice appear in supporting documentation, and that the name of |
| 11 | # Timothy O'Malley not be used in advertising or publicity |
| 12 | # pertaining to distribution of the software without specific, written |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 13 | # prior permission. |
| 14 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 15 | # Timothy O'Malley DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS |
| 16 | # SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY |
| 17 | # AND FITNESS, IN NO EVENT SHALL Timothy O'Malley BE LIABLE FOR |
| 18 | # ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 19 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, |
| 20 | # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS |
| 21 | # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 22 | # PERFORMANCE OF THIS SOFTWARE. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 23 | # |
| 24 | #### |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 25 | # |
| 26 | # Id: Cookie.py,v 2.29 2000/08/23 05:28:49 timo Exp |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 27 | # by Timothy O'Malley <timo@alum.mit.edu> |
| 28 | # |
| 29 | # Cookie.py is a Python module for the handling of HTTP |
| 30 | # cookies as a Python dictionary. See RFC 2109 for more |
| 31 | # information on cookies. |
| 32 | # |
| 33 | # The original idea to treat Cookies as a dictionary came from |
Andrew M. Kuchling | 0b29b11 | 2000-08-24 11:52:33 +0000 | [diff] [blame] | 34 | # Dave Mitchell (davem@magnet.com) in 1995, when he released the |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 35 | # first version of nscookie.py. |
| 36 | # |
| 37 | #### |
| 38 | |
Guido van Rossum | 58b6f5b | 2001-04-06 19:39:11 +0000 | [diff] [blame] | 39 | r""" |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 40 | Here's a sample session to show how to use this module. |
| 41 | At the moment, this is the only documentation. |
| 42 | |
| 43 | The Basics |
| 44 | ---------- |
| 45 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 46 | Importing is easy... |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 47 | |
Georg Brandl | 2442015 | 2008-05-26 16:32:26 +0000 | [diff] [blame] | 48 | >>> from http import cookies |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 49 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 50 | Most of the time you start by creating a cookie. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 51 | |
Georg Brandl | 2442015 | 2008-05-26 16:32:26 +0000 | [diff] [blame] | 52 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 53 | |
| 54 | Once you've created your Cookie, you can add values just as if it were |
| 55 | a dictionary. |
| 56 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 57 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 58 | >>> C["fig"] = "newton" |
| 59 | >>> C["sugar"] = "wafer" |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 60 | >>> C.output() |
| 61 | 'Set-Cookie: fig=newton\r\nSet-Cookie: sugar=wafer' |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 62 | |
| 63 | Notice that the printable representation of a Cookie is the |
| 64 | appropriate format for a Set-Cookie: header. This is the |
| 65 | default behavior. You can change the header and printed |
Walter Dörwald | f0dfc7a | 2003-10-20 14:01:56 +0000 | [diff] [blame] | 66 | attributes by using the .output() function |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 67 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 68 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 69 | >>> C["rocky"] = "road" |
| 70 | >>> C["rocky"]["path"] = "/cookie" |
Guido van Rossum | fff80df | 2007-02-09 20:33:44 +0000 | [diff] [blame] | 71 | >>> print(C.output(header="Cookie:")) |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 72 | Cookie: rocky=road; Path=/cookie |
Guido van Rossum | fff80df | 2007-02-09 20:33:44 +0000 | [diff] [blame] | 73 | >>> print(C.output(attrs=[], header="Cookie:")) |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 74 | Cookie: rocky=road |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 75 | |
| 76 | The load() method of a Cookie extracts cookies from a string. In a |
| 77 | CGI script, you would use this method to extract the cookies from the |
| 78 | HTTP_COOKIE environment variable. |
| 79 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 80 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 81 | >>> C.load("chips=ahoy; vienna=finger") |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 82 | >>> C.output() |
| 83 | 'Set-Cookie: chips=ahoy\r\nSet-Cookie: vienna=finger' |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 84 | |
| 85 | The load() method is darn-tootin smart about identifying cookies |
| 86 | within a string. Escaped quotation marks, nested semicolons, and other |
| 87 | such trickeries do not confuse it. |
| 88 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 89 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 90 | >>> C.load('keebler="E=everybody; L=\\"Loves\\"; fudge=\\012;";') |
Guido van Rossum | fff80df | 2007-02-09 20:33:44 +0000 | [diff] [blame] | 91 | >>> print(C) |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 92 | Set-Cookie: keebler="E=everybody; L=\"Loves\"; fudge=\012;" |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 93 | |
| 94 | Each element of the Cookie also supports all of the RFC 2109 |
| 95 | Cookie attributes. Here's an example which sets the Path |
| 96 | attribute. |
| 97 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 98 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 99 | >>> C["oreo"] = "doublestuff" |
| 100 | >>> C["oreo"]["path"] = "/" |
Guido van Rossum | fff80df | 2007-02-09 20:33:44 +0000 | [diff] [blame] | 101 | >>> print(C) |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 102 | Set-Cookie: oreo=doublestuff; Path=/ |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 103 | |
| 104 | Each dictionary element has a 'value' attribute, which gives you |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 105 | back the value associated with the key. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 106 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 107 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 108 | >>> C["twix"] = "none for you" |
| 109 | >>> C["twix"].value |
| 110 | 'none for you' |
| 111 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 112 | The SimpleCookie expects that all values should be standard strings. |
| 113 | Just to be sure, SimpleCookie invokes the str() builtin to convert |
| 114 | the value to a string, when the values are set dictionary-style. |
| 115 | |
Georg Brandl | 2442015 | 2008-05-26 16:32:26 +0000 | [diff] [blame] | 116 | >>> C = cookies.SimpleCookie() |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 117 | >>> C["number"] = 7 |
| 118 | >>> C["string"] = "seven" |
| 119 | >>> C["number"].value |
| 120 | '7' |
| 121 | >>> C["string"].value |
| 122 | 'seven' |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 123 | >>> C.output() |
| 124 | 'Set-Cookie: number=7\r\nSet-Cookie: string=seven' |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 125 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 126 | Finis. |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 127 | """ |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 128 | |
| 129 | # |
| 130 | # Import our required modules |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 131 | # |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 132 | import re |
Martin v. Löwis | 02d893c | 2001-08-02 07:15:29 +0000 | [diff] [blame] | 133 | import string |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 134 | |
Georg Brandl | 6101395 | 2008-05-28 15:56:30 +0000 | [diff] [blame] | 135 | __all__ = ["CookieError", "BaseCookie", "SimpleCookie"] |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 136 | |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 137 | _nulljoin = ''.join |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 138 | _semispacejoin = '; '.join |
Georg Brandl | 8246c43 | 2005-08-25 07:32:42 +0000 | [diff] [blame] | 139 | _spacejoin = ' '.join |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 140 | |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 141 | def _warn_deprecated_setter(setter): |
| 142 | import warnings |
| 143 | msg = ('The .%s setter is deprecated. The attribute will be read-only in ' |
| 144 | 'future releases. Please use the set() method instead.' % setter) |
| 145 | warnings.warn(msg, DeprecationWarning, stacklevel=3) |
| 146 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 147 | # |
| 148 | # Define an exception visible to External modules |
| 149 | # |
| 150 | class CookieError(Exception): |
| 151 | pass |
| 152 | |
| 153 | |
| 154 | # These quoting routines conform to the RFC2109 specification, which in |
| 155 | # turn references the character definitions from RFC2068. They provide |
| 156 | # a two-way quoting algorithm. Any non-text character is translated |
| 157 | # into a 4 character sequence: a forward-slash followed by the |
| 158 | # three-digit octal equivalent of the character. Any '\' or '"' is |
| 159 | # quoted with a preceeding '\' slash. |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 160 | # Because of the way browsers really handle cookies (as opposed to what |
| 161 | # the RFC says) we also encode "," and ";". |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 162 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 163 | # These are taken from RFC2068 and RFC2109. |
| 164 | # _LegalChars is the list of chars which don't require "'s |
| 165 | # _Translator hash-table for fast quoting |
| 166 | # |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 167 | _LegalChars = string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~:" |
| 168 | _UnescapedChars = _LegalChars + ' ()/<=>?@[]{}' |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 169 | |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 170 | _Translator = {n: '\\%03o' % n |
| 171 | for n in set(range(256)) - set(map(ord, _UnescapedChars))} |
| 172 | _Translator.update({ |
| 173 | ord('"'): '\\"', |
| 174 | ord('\\'): '\\\\', |
| 175 | }) |
R. David Murray | e05ca2a | 2010-12-28 18:54:13 +0000 | [diff] [blame] | 176 | |
Anish Shah | 102d813 | 2016-02-07 05:36:00 +0500 | [diff] [blame] | 177 | _is_legal_key = re.compile('[%s]+' % re.escape(_LegalChars)).fullmatch |
R. David Murray | e05ca2a | 2010-12-28 18:54:13 +0000 | [diff] [blame] | 178 | |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 179 | def _quote(str): |
Georg Brandl | 9cf32a1 | 2009-09-04 08:28:01 +0000 | [diff] [blame] | 180 | r"""Quote a string for use in a cookie header. |
| 181 | |
| 182 | If the string does not need to be double-quoted, then just return the |
| 183 | string. Otherwise, surround the string in doublequotes and quote |
| 184 | (with a \) special characters. |
| 185 | """ |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 186 | if str is None or _is_legal_key(str): |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 187 | return str |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 188 | else: |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 189 | return '"' + str.translate(_Translator) + '"' |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 190 | |
| 191 | |
| 192 | _OctalPatt = re.compile(r"\\[0-3][0-7][0-7]") |
| 193 | _QuotePatt = re.compile(r"[\\].") |
| 194 | |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 195 | def _unquote(str): |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 196 | # If there aren't any doublequotes, |
| 197 | # then there can't be any special characters. See RFC 2109. |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 198 | if str is None or len(str) < 2: |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 199 | return str |
| 200 | if str[0] != '"' or str[-1] != '"': |
| 201 | return str |
| 202 | |
| 203 | # We have to assume that we must decode this string. |
| 204 | # Down to work. |
| 205 | |
| 206 | # Remove the "s |
| 207 | str = str[1:-1] |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 208 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 209 | # Check for special sequences. Examples: |
| 210 | # \012 --> \n |
| 211 | # \" --> " |
| 212 | # |
| 213 | i = 0 |
| 214 | n = len(str) |
| 215 | res = [] |
| 216 | while 0 <= i < n: |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 217 | o_match = _OctalPatt.search(str, i) |
| 218 | q_match = _QuotePatt.search(str, i) |
| 219 | if not o_match and not q_match: # Neither matched |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 220 | res.append(str[i:]) |
| 221 | break |
| 222 | # else: |
| 223 | j = k = -1 |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 224 | if o_match: |
| 225 | j = o_match.start(0) |
| 226 | if q_match: |
| 227 | k = q_match.start(0) |
| 228 | if q_match and (not o_match or k < j): # QuotePatt matched |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 229 | res.append(str[i:k]) |
| 230 | res.append(str[k+1]) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 231 | i = k + 2 |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 232 | else: # OctalPatt matched |
| 233 | res.append(str[i:j]) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 234 | res.append(chr(int(str[j+1:j+4], 8))) |
| 235 | i = j + 4 |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 236 | return _nulljoin(res) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 237 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 238 | # The _getdate() routine is used to set the expiration time in the cookie's HTTP |
| 239 | # header. By default, _getdate() returns the current time in the appropriate |
| 240 | # "expires" format for a Set-Cookie header. The one optional argument is an |
| 241 | # offset from now, in seconds. For example, an offset of -3600 means "one hour |
| 242 | # ago". The offset may be a floating point number. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 243 | # |
| 244 | |
| 245 | _weekdayname = ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun'] |
| 246 | |
| 247 | _monthname = [None, |
| 248 | 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', |
| 249 | 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'] |
| 250 | |
| 251 | def _getdate(future=0, weekdayname=_weekdayname, monthname=_monthname): |
| 252 | from time import gmtime, time |
| 253 | now = time() |
| 254 | year, month, day, hh, mm, ss, wd, y, z = gmtime(now + future) |
Senthil Kumaran | 00c2ec2 | 2012-05-20 12:05:16 +0800 | [diff] [blame] | 255 | return "%s, %02d %3s %4d %02d:%02d:%02d GMT" % \ |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 256 | (weekdayname[wd], day, monthname[month], year, hh, mm, ss) |
| 257 | |
| 258 | |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 259 | class Morsel(dict): |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 260 | """A class to hold ONE (key, value) pair. |
Georg Brandl | 9cf32a1 | 2009-09-04 08:28:01 +0000 | [diff] [blame] | 261 | |
| 262 | In a cookie, each such pair may have several attributes, so this class is |
| 263 | used to keep the attributes associated with the appropriate key,value pair. |
| 264 | This class also includes a coded_value attribute, which is used to hold |
| 265 | the network representation of the value. This is most useful when Python |
| 266 | objects are pickled for network transit. |
| 267 | """ |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 268 | # RFC 2109 lists these attributes as reserved: |
| 269 | # path comment domain |
| 270 | # max-age secure version |
Tim Peters | 88869f9 | 2001-01-14 23:36:06 +0000 | [diff] [blame] | 271 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 272 | # For historical reasons, these attributes are also reserved: |
| 273 | # expires |
| 274 | # |
Benjamin Peterson | 35e661c | 2008-09-06 19:37:35 +0000 | [diff] [blame] | 275 | # This is an extension from Microsoft: |
| 276 | # httponly |
| 277 | # |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 278 | # This dictionary provides a mapping from the lowercase |
| 279 | # variant on the left to the appropriate traditional |
| 280 | # formatting on the right. |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 281 | _reserved = { |
| 282 | "expires" : "expires", |
| 283 | "path" : "Path", |
| 284 | "comment" : "Comment", |
| 285 | "domain" : "Domain", |
| 286 | "max-age" : "Max-Age", |
Benjamin Peterson | bd34162 | 2015-01-16 20:43:55 -0500 | [diff] [blame] | 287 | "secure" : "Secure", |
| 288 | "httponly" : "HttpOnly", |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 289 | "version" : "Version", |
| 290 | } |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 291 | |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 292 | _flags = {'secure', 'httponly'} |
| 293 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 294 | def __init__(self): |
| 295 | # Set defaults |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 296 | self._key = self._value = self._coded_value = None |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 297 | |
| 298 | # Set default attributes |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 299 | for key in self._reserved: |
| 300 | dict.__setitem__(self, key, "") |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 301 | |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 302 | @property |
| 303 | def key(self): |
| 304 | return self._key |
| 305 | |
| 306 | @key.setter |
| 307 | def key(self, key): |
| 308 | _warn_deprecated_setter('key') |
| 309 | self._key = key |
| 310 | |
| 311 | @property |
| 312 | def value(self): |
| 313 | return self._value |
| 314 | |
| 315 | @value.setter |
| 316 | def value(self, value): |
| 317 | _warn_deprecated_setter('value') |
| 318 | self._value = value |
| 319 | |
| 320 | @property |
| 321 | def coded_value(self): |
| 322 | return self._coded_value |
| 323 | |
| 324 | @coded_value.setter |
| 325 | def coded_value(self, coded_value): |
| 326 | _warn_deprecated_setter('coded_value') |
| 327 | self._coded_value = coded_value |
| 328 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 329 | def __setitem__(self, K, V): |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 330 | K = K.lower() |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 331 | if not K in self._reserved: |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 332 | raise CookieError("Invalid attribute %r" % (K,)) |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 333 | dict.__setitem__(self, K, V) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 334 | |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 335 | def setdefault(self, key, val=None): |
| 336 | key = key.lower() |
| 337 | if key not in self._reserved: |
| 338 | raise CookieError("Invalid attribute %r" % (key,)) |
| 339 | return dict.setdefault(self, key, val) |
| 340 | |
| 341 | def __eq__(self, morsel): |
| 342 | if not isinstance(morsel, Morsel): |
| 343 | return NotImplemented |
| 344 | return (dict.__eq__(self, morsel) and |
| 345 | self._value == morsel._value and |
| 346 | self._key == morsel._key and |
| 347 | self._coded_value == morsel._coded_value) |
| 348 | |
| 349 | __ne__ = object.__ne__ |
| 350 | |
| 351 | def copy(self): |
| 352 | morsel = Morsel() |
| 353 | dict.update(morsel, self) |
| 354 | morsel.__dict__.update(self.__dict__) |
| 355 | return morsel |
| 356 | |
| 357 | def update(self, values): |
| 358 | data = {} |
| 359 | for key, val in dict(values).items(): |
| 360 | key = key.lower() |
| 361 | if key not in self._reserved: |
| 362 | raise CookieError("Invalid attribute %r" % (key,)) |
| 363 | data[key] = val |
| 364 | dict.update(self, data) |
| 365 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 366 | def isReservedKey(self, K): |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 367 | return K.lower() in self._reserved |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 368 | |
R David Murray | 1813c17 | 2015-03-29 17:09:21 -0400 | [diff] [blame] | 369 | def set(self, key, val, coded_val, LegalChars=_LegalChars): |
| 370 | if LegalChars != _LegalChars: |
| 371 | import warnings |
| 372 | warnings.warn( |
| 373 | 'LegalChars parameter is deprecated, ignored and will ' |
| 374 | 'be removed in future versions.', DeprecationWarning, |
| 375 | stacklevel=2) |
| 376 | |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 377 | if key.lower() in self._reserved: |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 378 | raise CookieError('Attempt to set a reserved key %r' % (key,)) |
| 379 | if not _is_legal_key(key): |
| 380 | raise CookieError('Illegal key %r' % (key,)) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 381 | |
| 382 | # It's a good key, so save it. |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 383 | self._key = key |
| 384 | self._value = val |
| 385 | self._coded_value = coded_val |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 386 | |
Serhiy Storchaka | 6c32585 | 2015-03-18 18:03:40 +0200 | [diff] [blame] | 387 | def __getstate__(self): |
| 388 | return { |
| 389 | 'key': self._key, |
| 390 | 'value': self._value, |
| 391 | 'coded_value': self._coded_value, |
| 392 | } |
| 393 | |
| 394 | def __setstate__(self, state): |
| 395 | self._key = state['key'] |
| 396 | self._value = state['value'] |
| 397 | self._coded_value = state['coded_value'] |
| 398 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 399 | def output(self, attrs=None, header="Set-Cookie:"): |
| 400 | return "%s %s" % (header, self.OutputString(attrs)) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 401 | |
Andrew M. Kuchling | 0b29b11 | 2000-08-24 11:52:33 +0000 | [diff] [blame] | 402 | __str__ = output |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 403 | |
Andrew M. Kuchling | 0b29b11 | 2000-08-24 11:52:33 +0000 | [diff] [blame] | 404 | def __repr__(self): |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 405 | return '<%s: %s>' % (self.__class__.__name__, self.OutputString()) |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 406 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 407 | def js_output(self, attrs=None): |
| 408 | # Print javascript |
| 409 | return """ |
Georg Brandl | 03a33ea | 2005-06-26 21:02:49 +0000 | [diff] [blame] | 410 | <script type="text/javascript"> |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 411 | <!-- begin hiding |
Georg Brandl | 03a33ea | 2005-06-26 21:02:49 +0000 | [diff] [blame] | 412 | document.cookie = \"%s\"; |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 413 | // end hiding --> |
| 414 | </script> |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 415 | """ % (self.OutputString(attrs).replace('"', r'\"')) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 416 | |
| 417 | def OutputString(self, attrs=None): |
| 418 | # Build up our result |
| 419 | # |
| 420 | result = [] |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 421 | append = result.append |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 422 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 423 | # First, the key=value pair |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 424 | append("%s=%s" % (self.key, self.coded_value)) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 425 | |
| 426 | # Now add any defined attributes |
Fred Drake | 8152d32 | 2000-12-12 23:20:45 +0000 | [diff] [blame] | 427 | if attrs is None: |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 428 | attrs = self._reserved |
Guido van Rossum | cc2b016 | 2007-02-11 06:12:03 +0000 | [diff] [blame] | 429 | items = sorted(self.items()) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 430 | for key, value in items: |
| 431 | if value == "": |
| 432 | continue |
| 433 | if key not in attrs: |
| 434 | continue |
| 435 | if key == "expires" and isinstance(value, int): |
| 436 | append("%s=%s" % (self._reserved[key], _getdate(value))) |
| 437 | elif key == "max-age" and isinstance(value, int): |
| 438 | append("%s=%d" % (self._reserved[key], value)) |
Serhiy Storchaka | 9c1a9b2 | 2015-03-18 10:59:57 +0200 | [diff] [blame] | 439 | elif key in self._flags: |
| 440 | if value: |
| 441 | append(str(self._reserved[key])) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 442 | else: |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 443 | append("%s=%s" % (self._reserved[key], value)) |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 444 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 445 | # Return the result |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 446 | return _semispacejoin(result) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 447 | |
| 448 | |
| 449 | # |
| 450 | # Pattern for finding cookie |
| 451 | # |
| 452 | # This used to be strict parsing based on the RFC2109 and RFC2068 |
| 453 | # specifications. I have since discovered that MSIE 3.0x doesn't |
| 454 | # follow the character rules outlined in those specs. As a |
| 455 | # result, the parsing rules here are less strict. |
| 456 | # |
| 457 | |
Benjamin Peterson | 9bd476e | 2015-05-23 10:36:48 -0500 | [diff] [blame] | 458 | _LegalKeyChars = r"\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=" |
| 459 | _LegalValueChars = _LegalKeyChars + '\[\]' |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 460 | _CookiePattern = re.compile(r""" |
| 461 | (?x) # This is a verbose pattern |
Antoine Pitrou | 7d0b8f9 | 2014-09-17 00:23:55 +0200 | [diff] [blame] | 462 | \s* # Optional whitespace at start of cookie |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 463 | (?P<key> # Start of group 'key' |
Benjamin Peterson | 9bd476e | 2015-05-23 10:36:48 -0500 | [diff] [blame] | 464 | [""" + _LegalKeyChars + r"""]+? # Any word of at least one letter |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 465 | ) # End of group 'key' |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 466 | ( # Optional group: there may not be a value. |
| 467 | \s*=\s* # Equal Sign |
| 468 | (?P<val> # Start of group 'val' |
| 469 | "(?:[^\\"]|\\.)*" # Any doublequoted string |
| 470 | | # or |
Senthil Kumaran | aeeba26 | 2012-05-20 16:58:30 +0800 | [diff] [blame] | 471 | \w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT # Special case for "expires" attr |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 472 | | # or |
Benjamin Peterson | d504f20 | 2015-05-23 10:38:48 -0500 | [diff] [blame] | 473 | [""" + _LegalValueChars + r"""]* # Any word or empty string |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 474 | ) # End of group 'val' |
| 475 | )? # End of optional value group |
| 476 | \s* # Any number of spaces. |
| 477 | (\s+|;|$) # Ending either at space, semicolon, or EOS. |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 478 | """, re.ASCII) # May be removed if safe. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 479 | |
| 480 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 481 | # At long last, here is the cookie class. Using this class is almost just like |
| 482 | # using a dictionary. See this module's docstring for example usage. |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 483 | # |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 484 | class BaseCookie(dict): |
Georg Brandl | 9cf32a1 | 2009-09-04 08:28:01 +0000 | [diff] [blame] | 485 | """A container class for a set of Morsels.""" |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 486 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 487 | def value_decode(self, val): |
| 488 | """real_value, coded_value = value_decode(STRING) |
| 489 | Called prior to setting a cookie's value from the network |
| 490 | representation. The VALUE is the value read from HTTP |
| 491 | header. |
| 492 | Override this function to modify the behavior of cookies. |
| 493 | """ |
| 494 | return val, val |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 495 | |
| 496 | def value_encode(self, val): |
| 497 | """real_value, coded_value = value_encode(VALUE) |
| 498 | Called prior to setting a cookie's value from the dictionary |
| 499 | representation. The VALUE is the value being assigned. |
| 500 | Override this function to modify the behavior of cookies. |
| 501 | """ |
| 502 | strval = str(val) |
| 503 | return strval, strval |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 504 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 505 | def __init__(self, input=None): |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 506 | if input: |
| 507 | self.load(input) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 508 | |
| 509 | def __set(self, key, real_value, coded_value): |
| 510 | """Private method for setting a cookie's value""" |
| 511 | M = self.get(key, Morsel()) |
| 512 | M.set(key, real_value, coded_value) |
Raymond Hettinger | 0a2963c | 2002-06-26 15:19:01 +0000 | [diff] [blame] | 513 | dict.__setitem__(self, key, M) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 514 | |
| 515 | def __setitem__(self, key, value): |
| 516 | """Dictionary style assignment.""" |
Serhiy Storchaka | 8cf7c1c | 2014-11-02 22:18:25 +0200 | [diff] [blame] | 517 | if isinstance(value, Morsel): |
| 518 | # allow assignment of constructed Morsels (e.g. for pickling) |
| 519 | dict.__setitem__(self, key, value) |
| 520 | else: |
| 521 | rval, cval = self.value_encode(value) |
| 522 | self.__set(key, rval, cval) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 523 | |
Georg Brandl | 532efab | 2005-08-24 22:34:21 +0000 | [diff] [blame] | 524 | def output(self, attrs=None, header="Set-Cookie:", sep="\015\012"): |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 525 | """Return a string suitable for HTTP.""" |
| 526 | result = [] |
Guido van Rossum | cc2b016 | 2007-02-11 06:12:03 +0000 | [diff] [blame] | 527 | items = sorted(self.items()) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 528 | for key, value in items: |
| 529 | result.append(value.output(attrs, header)) |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 530 | return sep.join(result) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 531 | |
Andrew M. Kuchling | 0b29b11 | 2000-08-24 11:52:33 +0000 | [diff] [blame] | 532 | __str__ = output |
| 533 | |
| 534 | def __repr__(self): |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 535 | l = [] |
Guido van Rossum | cc2b016 | 2007-02-11 06:12:03 +0000 | [diff] [blame] | 536 | items = sorted(self.items()) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 537 | for key, value in items: |
| 538 | l.append('%s=%s' % (key, repr(value.value))) |
| 539 | return '<%s: %s>' % (self.__class__.__name__, _spacejoin(l)) |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 540 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 541 | def js_output(self, attrs=None): |
| 542 | """Return a string suitable for JavaScript.""" |
| 543 | result = [] |
Guido van Rossum | cc2b016 | 2007-02-11 06:12:03 +0000 | [diff] [blame] | 544 | items = sorted(self.items()) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 545 | for key, value in items: |
| 546 | result.append(value.js_output(attrs)) |
Fred Drake | d451ec1 | 2002-04-26 02:29:55 +0000 | [diff] [blame] | 547 | return _nulljoin(result) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 548 | |
| 549 | def load(self, rawdata): |
| 550 | """Load cookies from a string (presumably HTTP_COOKIE) or |
| 551 | from a dictionary. Loading cookies from a dictionary 'd' |
| 552 | is equivalent to calling: |
| 553 | map(Cookie.__setitem__, d.keys(), d.values()) |
| 554 | """ |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 555 | if isinstance(rawdata, str): |
| 556 | self.__parse_string(rawdata) |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 557 | else: |
Benjamin Peterson | 8719ad5 | 2009-09-11 22:24:02 +0000 | [diff] [blame] | 558 | # self.update() wouldn't call our custom __setitem__ |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 559 | for key, value in rawdata.items(): |
| 560 | self[key] = value |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 561 | return |
Fred Drake | ff5364a | 2000-08-24 14:40:35 +0000 | [diff] [blame] | 562 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 563 | def __parse_string(self, str, patt=_CookiePattern): |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 564 | i = 0 # Our starting point |
| 565 | n = len(str) # Length of string |
| 566 | parsed_items = [] # Parsed (type, key, value) triples |
| 567 | morsel_seen = False # A key=value pair was previously encountered |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 568 | |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 569 | TYPE_ATTRIBUTE = 1 |
| 570 | TYPE_KEYVALUE = 2 |
| 571 | |
| 572 | # We first parse the whole cookie string and reject it if it's |
| 573 | # syntactically invalid (this helps avoid some classes of injection |
| 574 | # attacks). |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 575 | while 0 <= i < n: |
| 576 | # Start looking for a cookie |
Antoine Pitrou | 7d0b8f9 | 2014-09-17 00:23:55 +0200 | [diff] [blame] | 577 | match = patt.match(str, i) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 578 | if not match: |
| 579 | # No more cookies |
| 580 | break |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 581 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 582 | key, value = match.group("key"), match.group("val") |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 583 | i = match.end(0) |
| 584 | |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 585 | if key[0] == "$": |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 586 | if not morsel_seen: |
| 587 | # We ignore attributes which pertain to the cookie |
| 588 | # mechanism as a whole, such as "$Version". |
| 589 | # See RFC 2965. (Does anyone care?) |
| 590 | continue |
| 591 | parsed_items.append((TYPE_ATTRIBUTE, key[1:], value)) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 592 | elif key.lower() in Morsel._reserved: |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 593 | if not morsel_seen: |
| 594 | # Invalid cookie string |
| 595 | return |
| 596 | if value is None: |
| 597 | if key.lower() in Morsel._flags: |
| 598 | parsed_items.append((TYPE_ATTRIBUTE, key, True)) |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 599 | else: |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 600 | # Invalid cookie string |
| 601 | return |
| 602 | else: |
| 603 | parsed_items.append((TYPE_ATTRIBUTE, key, _unquote(value))) |
R David Murray | cd0f74b | 2013-08-25 11:09:02 -0400 | [diff] [blame] | 604 | elif value is not None: |
Antoine Pitrou | b1e3607 | 2014-11-21 01:20:57 +0100 | [diff] [blame] | 605 | parsed_items.append((TYPE_KEYVALUE, key, self.value_decode(value))) |
| 606 | morsel_seen = True |
| 607 | else: |
| 608 | # Invalid cookie string |
| 609 | return |
| 610 | |
| 611 | # The cookie string is valid, apply it. |
| 612 | M = None # current morsel |
| 613 | for tp, key, value in parsed_items: |
| 614 | if tp == TYPE_ATTRIBUTE: |
| 615 | assert M is not None |
| 616 | M[key] = value |
| 617 | else: |
| 618 | assert tp == TYPE_KEYVALUE |
| 619 | rval, cval = value |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 620 | self.__set(key, rval, cval) |
| 621 | M = self[key] |
Georg Brandl | 4eff9f7 | 2009-09-04 08:22:00 +0000 | [diff] [blame] | 622 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 623 | |
| 624 | class SimpleCookie(BaseCookie): |
Georg Brandl | 9cf32a1 | 2009-09-04 08:28:01 +0000 | [diff] [blame] | 625 | """ |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 626 | SimpleCookie supports strings as cookie values. When setting |
| 627 | the value using the dictionary assignment notation, SimpleCookie |
| 628 | calls the builtin str() to convert the value to a string. Values |
| 629 | received from HTTP are kept as strings. |
| 630 | """ |
| 631 | def value_decode(self, val): |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 632 | return _unquote(val), val |
| 633 | |
Andrew M. Kuchling | 52ea872 | 2000-08-19 13:01:19 +0000 | [diff] [blame] | 634 | def value_encode(self, val): |
| 635 | strval = str(val) |
Georg Brandl | 76e155a | 2010-07-31 21:04:00 +0000 | [diff] [blame] | 636 | return strval, _quote(strval) |