Fixed #6764 -- Added some error checking around cookie decoding. Thanks,

Michael Axiak. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7257 bcc190cf-cafb-0310-a4f2-bffc1f526a37
django · Mar 17, 2008 · 30bdabb · 30bdabb
1 parent 8defa8f
commit 30bdabb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/django/http/__init__.py b/django/http/__init__.py
@@ -1,5 +1,5 @@
 import os
-from Cookie import SimpleCookie
+from Cookie import SimpleCookie, CookieError
 from pprint import pformat
 from urllib import urlencode
 from urlparse import urljoin
@@ -239,8 +239,13 @@ def urlencode(self):
 def parse_cookie(cookie):
     if cookie == '':
         return {}
-    c = SimpleCookie()
-    c.load(cookie)
+    try:
+        c = SimpleCookie()
+        c.load(cookie)
+    except CookieError:
+        # Invalid cookie
+        return {}
+
     cookiedict = {}
     for key in c.keys():
         cookiedict[key] = c.get(key).value

diff --git a/tests/regressiontests/requests/tests.py b/tests/regressiontests/requests/tests.py
@@ -31,4 +31,8 @@
 POST:{},
 COOKIES:{},
 META:{}>
+
+>>> from django.http import parse_cookie
+>>> parse_cookie('invalid:key=true')
+{}
 """