Skip to content

Commit

Permalink
Backport PR #4762: whitelist alphanumeric characters for cookie_name
Browse files Browse the repository at this point in the history 
should fix #4761
  • Loading branch information
@takluyver
takluyver committed Jan 7, 2014
1 parent 56c2565 commit 012f895
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions IPython/html/base/handlers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import logging
import mimetypes
import os
import re
import stat
import threading

Expand Down Expand Up @@ -92,6 +93,7 @@ def _execute(self, transforms, *args, **kwargs):
#-----------------------------------------------------------------------------
# Top-level handlers
#-----------------------------------------------------------------------------
non_alphanum = re.compile(r'[^A-Za-z0-9]')

class RequestHandler(web.RequestHandler):
"""RequestHandler with default variable setting."""
Expand Down Expand Up @@ -120,9 +122,9 @@ def get_current_user(self):

@property
def cookie_name(self):
default_cookie_name = 'username-{host}'.format(
host=self.request.host,
).replace(':', '-')
default_cookie_name = non_alphanum.sub('-', 'username-{}'.format(
self.request.host
))
return self.settings.get('cookie_name', default_cookie_name)

@property
Expand Down

0 comments on commit 012f895

Please sign in to comment.