Quote cookie values when accepting them, and unquote them when

receiving them.  This is required to comply with the spec for
cookies, which requires escaping of at least : and blank spaces.

I changed the setCookie routine in both BaseResponse and HTTPResponse
to keep them indentical.  Since they *are* identical, one would think
that one of them could be eliminated.

lib/python/ZPublisher/BaseResponse.py

@@ -12,10 +12,11 @@
 ##############################################################################
 '''CGI Response Output formatter
 
-$Id: BaseResponse.py,v 1.14 2002/06/22 14:04:56 tseaver Exp $'''
-__version__ = '$Revision: 1.14 $'[11:-2]
+$Id: BaseResponse.py,v 1.15 2002/08/14 16:45:53 rdmurray Exp $'''
+__version__ = '$Revision: 1.15 $'[11:-2]
 
 import  types, sys
+from urllib import quote_plus
 from types import StringType, InstanceType
 from zExceptions import Unauthorized
 
@@ -71,6 +72,10 @@ class BaseResponse:
         cookie-enabled browsers with a key "name" and value
         "value". This overwrites any previously set value for the
         cookie in the Response object.
+
+        The value is quoted using urllib's url_quote_plus, which
+        quoting will be undone when the value is accessed through
+        REQUEST in a later transaction.
         '''
         cookies = self.cookies
         if cookies.has_key(name):
@@ -79,7 +84,7 @@ class BaseResponse:
             cookie = cookies[name] = {}
         for k, v in kw.items():
             cookie[k] = v
-        cookie['value'] = value
+        cookie['value'] = quote_plus(value)
 
     def appendBody(self, body):
         self.setBody(self.getBody() + body)

lib/python/ZPublisher/HTTPRequest.py

@@ -11,13 +11,13 @@
 # 
 ##############################################################################
 
-__version__='$Revision: 1.77 $'[11:-2]
+__version__='$Revision: 1.78 $'[11:-2]
 
 import re, sys, os,  urllib, time, random, cgi, codecs
 from BaseRequest import BaseRequest
 from HTTPResponse import HTTPResponse
 from cgi import FieldStorage, escape
-from urllib import quote, unquote, splittype, splitport
+from urllib import quote, unquote, unquote_plus, splittype, splitport
 from copy import deepcopy
 from Converters import get_converter
 from TaintedString import TaintedString
@@ -1458,7 +1458,7 @@ def parse_cookie(text,
 
     finally: release()
 
-    if not already_have(name): result[name]=value
+    if not already_have(name): result[name]=unquote_plus(value)
 
     return apply(parse_cookie,(text[l:],result))
 

lib/python/ZPublisher/HTTPResponse.py

@@ -12,11 +12,12 @@
 ##############################################################################
 '''CGI Response Output formatter
 
-$Id: HTTPResponse.py,v 1.66 2002/06/22 15:49:59 andreasjung Exp $'''
-__version__ = '$Revision: 1.66 $'[11:-2]
+$Id: HTTPResponse.py,v 1.67 2002/08/14 16:45:53 rdmurray Exp $'''
+__version__ = '$Revision: 1.67 $'[11:-2]
 
 import types, os, sys, re
 import zlib, struct
+from urllib import quote_plus
 from string import translate, maketrans
 from types import StringType, InstanceType, LongType, UnicodeType
 from BaseResponse import BaseResponse
@@ -491,6 +492,10 @@ class HTTPResponse(BaseResponse):
         cookie-enabled browsers with a key "name" and value
         "value". This overwrites any previously set value for the
         cookie in the Response object.
+
+        The value is quoted using urllib's url_quote_plus, which
+        quoting will be undone when the value is accessed through
+        REQUEST in a later transaction.
         '''
         cookies = self.cookies
         if cookies.has_key(name):
@@ -499,7 +504,7 @@ class HTTPResponse(BaseResponse):
             cookie = cookies[name] = {}
         for k, v in kw.items():
             cookie[k] = v
-        cookie['value'] = value
+        cookie['value'] = quote_plus(value)
 
     def appendHeader(self, name, value, delimiter=","):
         '''\