Commit 723d6976 authored by Martijn Pieters's avatar Martijn Pieters

Remove the lock around the cookie parsing code.

The locking here was only ever needed for the old `regex` module that was
originally used for this code, but that was replaced by the thread-safe `re`
some 10 years ago (see r20110, april 2001).
parent 83c9815b
......@@ -50,6 +50,10 @@ Features Added
Restructuring
+++++++++++++
- Removed the (very obsolete) thread lock around the cookie parsing code
in HTTPRequest.py; the python `re` module is thread-safe, unlike the
ancient `regex` module that was once used here.
- Removed the special handling of `Set-Cookie` headers in
`HTTPResponse.setHeader`. Use the `setCookie`/`appendCookie`/`expireCookie`
methods instead, or if low-level control is needed, use `addHeader` instead
......
......@@ -40,7 +40,6 @@ from AccessControl.tainted import TaintedString
from ZPublisher.BaseRequest import BaseRequest
from ZPublisher.BaseRequest import quote
from ZPublisher.Converters import get_converter
from ZPublisher.maybe_lock import allocate_lock
# Flags
SEQUENCE = 1
......@@ -1649,7 +1648,6 @@ class FileUpload:
return self
parse_cookie_lock = allocate_lock()
QPARMRE= re.compile(
'([\x00- ]*([^\x00- ;,="]+)="([^"]*)"([\x00- ]*[;,])?[\x00- ]*)')
PARMRE = re.compile(
......@@ -1661,43 +1659,36 @@ def parse_cookie(text,
qparmre=QPARMRE,
parmre=PARMRE,
paramlessre=PARAMLESSRE,
acquire=parse_cookie_lock.acquire,
release=parse_cookie_lock.release,
):
if result is None:
result = {}
acquire()
try:
mo_q = qparmre.match(text)
mo_q = qparmre.match(text)
if mo_q:
# Match quoted correct cookies
l = len(mo_q.group(1))
name = mo_q.group(2)
value = mo_q.group(3)
if mo_q:
# Match quoted correct cookies
l = len(mo_q.group(1))
name = mo_q.group(2)
value = mo_q.group(3)
else:
# Match evil MSIE cookies ;)
mo_p = parmre.match(text)
if mo_p:
l = len(mo_p.group(1))
name = mo_p.group(2)
value = mo_p.group(3)
else:
# Match evil MSIE cookies ;)
mo_p = parmre.match(text)
if mo_p:
l = len(mo_p.group(1))
name = mo_p.group(2)
value = mo_p.group(3)
# Broken Cookie without = nor value.
broken_p = paramlessre.match(text)
if broken_p:
l = len(broken_p.group(1))
name = broken_p.group(2)
value = ''
else:
# Broken Cookie without = nor value.
broken_p = paramlessre.match(text)
if broken_p:
l = len(broken_p.group(1))
name = broken_p.group(2)
value = ''
else:
return result
finally:
release()
return result
if name not in result:
result[name] = unquote(value)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment