De-applying patches to autoquote cookie values due to fears of breakage

and lack of coverage in the code.

De-applying patches to autoquote cookie values due to fears of breakage
and lack of coverage in the code.
931c2af1 · Chris McDonough · 6d0ca8e3 · 931c2af1 · 931c2af1 · 931c2af1
Commit 931c2af1 authored Aug 21, 2002 by Chris McDonough
5 changed files
--- a/lib/python/Products/OFSP/help/Request.py
+++ b/lib/python/Products/OFSP/help/Request.py
@@ -41,8 +41,7 @@ class Request:
      - Cookies
-          These are the cookie data, if present.  Cookie values
+          These are the cookie data, if present.
-          are unquoted using url_unquote_plus.
      - Lazy Data

--- a/lib/python/Products/OFSP/help/Response.py
+++ b/lib/python/Products/OFSP/help/Response.py
@@ -120,11 +120,6 @@ class Response:
        "value". This overwrites any previously set value for the
        cookie in the Response object.
-        The value passed in is quoted using url_quote_plus before
-        the cookie is sent to the browser, and is unquoted using
-        url_unquote_plus when the cookie is received back from
-        the browser and stored in REQUEST.cookies.
        Permission -- Always available
        '''

--- a/lib/python/ZPublisher/BaseResponse.py
+++ b/lib/python/ZPublisher/BaseResponse.py
@@ -12,11 +12,10 @@
 ##############################################################################
 '''CGI Response Output formatter
-$Id: BaseResponse.py,v 1.16 2002/08/14 22:09:40 mj Exp $'''
+$Id: BaseResponse.py,v 1.17 2002/08/21 03:09:31 chrism Exp $'''
-__version__ = '$Revision: 1.16 $'[11:-2]
+__version__ = '$Revision: 1.17 $'[11:-2]
 import  types, sys
-from urllib import quote_plus
 from types import StringType, InstanceType
 from zExceptions import Unauthorized
@@ -72,10 +71,6 @@ class BaseResponse:
        cookie-enabled browsers with a key "name" and value
        "value". This overwrites any previously set value for the
        cookie in the Response object.
-        The value is quoted using urllib's url_quote_plus, which
-        quoting will be undone when the value is accessed through
-        REQUEST in a later transaction.
        '''
        cookies = self.cookies
        if cookies.has_key(name):
@@ -84,7 +79,7 @@ class BaseResponse:
            cookie = cookies[name] = {}
        for k, v in kw.items():
            cookie[k] = v
-        cookie['value'] = quote_plus(value)
+        cookie['value'] = value
    def appendBody(self, body):
        self.setBody(self.getBody() + body)

--- a/lib/python/ZPublisher/HTTPRequest.py
+++ b/lib/python/ZPublisher/HTTPRequest.py
@@ -11,13 +11,13 @@
 #
 ##############################################################################
-__version__='$Revision: 1.79 $'[11:-2]
+__version__='$Revision: 1.80 $'[11:-2]
 import re, sys, os,  urllib, time, random, cgi, codecs
 from BaseRequest import BaseRequest
 from HTTPResponse import HTTPResponse
 from cgi import FieldStorage, escape
-from urllib import quote, unquote, unquote_plus, splittype, splitport
+from urllib import quote, unquote, splittype, splitport
 from copy import deepcopy
 from Converters import get_converter
 from TaintedString import TaintedString
@@ -1458,7 +1458,7 @@ def parse_cookie(text,
    finally: release()
-    if not already_have(name): result[name]=unquote_plus(value)
+    if not already_have(name): result[name]=value
    return apply(parse_cookie,(text[l:],result))

--- a/lib/python/ZPublisher/HTTPResponse.py
+++ b/lib/python/ZPublisher/HTTPResponse.py
@@ -12,12 +12,11 @@
 ##############################################################################
 '''CGI Response Output formatter
-$Id: HTTPResponse.py,v 1.68 2002/08/14 22:09:40 mj Exp $'''
+$Id: HTTPResponse.py,v 1.69 2002/08/21 03:09:31 chrism Exp $'''
-__version__ = '$Revision: 1.68 $'[11:-2]
+__version__ = '$Revision: 1.69 $'[11:-2]
 import types, os, sys, re
 import zlib, struct
-from urllib import quote_plus
 from string import translate, maketrans
 from types import StringType, InstanceType, LongType, UnicodeType
 from BaseResponse import BaseResponse
@@ -492,10 +491,6 @@ class HTTPResponse(BaseResponse):
        cookie-enabled browsers with a key "name" and value
        "value". This overwrites any previously set value for the
        cookie in the Response object.
-        The value is quoted using urllib's url_quote_plus, which
-        quoting will be undone when the value is accessed through
-        REQUEST in a later transaction.
        '''
        cookies = self.cookies
        if cookies.has_key(name):
@@ -504,7 +499,7 @@ class HTTPResponse(BaseResponse):
            cookie = cookies[name] = {}
        for k, v in kw.items():
            cookie[k] = v
-        cookie['value'] = quote_plus(value)
+        cookie['value'] = value
    def appendHeader(self, name, value, delimiter=","):
        '''\