Fix for MODPYTHON-17

grisha · Jan 31, 2005 · 5e8a751 · 5e8a751
1 parent 6b780e4
commit 5e8a751
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/lib/python/mod_python/Cookie.py b/lib/python/mod_python/Cookie.py
@@ -46,7 +46,7 @@
 import marshal
 import base64
 
-import apache
+# import apache
 
 class CookieError(Exception):
     pass
@@ -260,7 +260,10 @@ def parse(Class, s, secret):
 
     def __str__(self):
 
-        m = base64.encodestring(marshal.dumps(self.value))[:-1]
+        m = base64.encodestring(marshal.dumps(self.value))
+        # on long cookies, the base64 encoding can contain multiple lines
+        # separated by \n or \r\n
+        m = ''.join(m.split())
 
         result = ["%s=%s%s" % (self.name, self.hexdigest(m), m)]
         for name in self._valid_attr:

diff --git a/test/test.py b/test/test.py
@@ -1062,7 +1062,28 @@ def test_Cookie_MarshalCookie(self):
 
         if rsp != "test ok" or setcookie != mc:
             print `rsp`
-            self.fail("cookie parsing failed")
+            self.fail("marshalled cookie parsing failed")
+
+        # and now a long MarshalledCookie test !
+
+        mc = ('test=859690207856ec75fc641a7566894e40c1QAAAB0'
+             'aGlzIGlzIGEgdmVyeSBsb25nIHZhbHVlLCBsb25nIGxvb'
+             'mcgbG9uZyBsb25nIGxvbmcgc28gbG9uZyBidXQgd2UnbG'
+             'wgZmluaXNoIGl0IHNvb24=')
+
+        conn = httplib.HTTPConnection("127.0.0.1:%s" % PORT)
+        conn.putrequest("GET", "/testz.py", skip_host=1)
+        conn.putheader("Host", "test_Cookie_MarshalCookie:%s" % PORT)
+        conn.putheader("Cookie", mc)
+        conn.endheaders()
+        response = conn.getresponse()
+        setcookie = response.getheader("set-cookie", None)
+        rsp = response.read()
+        conn.close()
+
+        if rsp != "test ok" or setcookie != mc:
+            print `rsp`
+            self.fail("long marshalled cookie parsing failed")
 
     def test_Session_Session_conf(self):
 
@@ -1187,7 +1208,7 @@ def get_status(path):
         if status != 403:
             self.fail('Vulnerability : new-style method traversal (%i)\n%s' % (status, response))
 
-        status, response = get_status("/tests.py/test_dict/clear")
+        status, response = get_status("/tests.py/test_dict/keys")
         if status != 403:
             self.fail('Vulnerability : built-in type traversal (%i)\n%s' % (status, response))