diff -r 5a87fb8df5fe Lib/http/cookiejar.py --- a/Lib/http/cookiejar.py Mon Mar 09 10:37:59 2015 -0400 +++ b/Lib/http/cookiejar.py Mon Mar 09 22:39:38 2015 -0700 @@ -472,26 +472,40 @@ for ns_header in ns_headers: pairs = [] version_set = False - for ii, param in enumerate(re.split(r";\s*", ns_header)): - param = param.rstrip() - if param == "": continue - if "=" not in param: - k, v = param, None - else: - k, v = re.split(r"\s*=\s*", param, maxsplit=1) - k = k.lstrip() + + # XXX: The following does not strictly adhere to RFCs in that empty + # names and values are legal (the former will only appear once and will + # be overwritten if multiple occurrences are present). This is + # mostly to deal with backwards compatibility. + for ii, param in enumerate(ns_header.split(';')): + param = param.strip() + + key, sep, val = param.partition('=') + key = key.strip() + + if len(key) == 0: + if ii == 0: + break + else: + continue + + # allow for a distinction between present and empty and missing + # altogether + val = val.strip() if len(sep) > 0 else None + if ii != 0: - lc = k.lower() + lc = key.lower() if lc in known_attrs: - k = lc - if k == "version": + key = lc + + if key == "version": # This is an RFC 2109 cookie. - v = strip_quotes(v) + val = strip_quotes(val) version_set = True - if k == "expires": + elif key == "expires": # convert expires date to seconds since epoch - v = http2time(strip_quotes(v)) # None if invalid - pairs.append((k, v)) + val = http2time(strip_quotes(val)) # None if invalid + pairs.append((key, val)) if pairs: if not version_set: diff -r 5a87fb8df5fe Lib/test/test_http_cookiejar.py --- a/Lib/test/test_http_cookiejar.py Mon Mar 09 10:37:59 2015 -0400 +++ b/Lib/test/test_http_cookiejar.py Mon Mar 09 22:39:38 2015 -0700 @@ -479,6 +479,9 @@ interact_netscape(c, "http://www.acme.com:80/", 'foo=bar; expires=') interact_netscape(c, "http://www.acme.com:80/", 'spam=eggs; ' 'expires="Foo Bar 25 33:22:11 3022"') + interact_netscape(c, 'http://www.acme.com/', 'fortytwo=') + interact_netscape(c, 'http://www.acme.com/', '=unladenswallow') + interact_netscape(c, 'http://www.acme.com/', 'holyhandgrenade') cookie = c._cookies[".acme.com"]["/"]["spam"] self.assertEqual(cookie.domain, ".acme.com") @@ -505,6 +508,16 @@ self.assertIsNone(foo.expires) self.assertIsNone(spam.expires) + cookie = c._cookies['www.acme.com']['/']['fortytwo'] + self.assertIsNotNone(cookie.value) + self.assertEqual(cookie.value, '') + + # there should be a distinction between a present but empty value + # (above) and a value that's entirely missing (below) + + cookie = c._cookies['www.acme.com']['/']['holyhandgrenade'] + self.assertIsNone(cookie.value) + def test_ns_parser_special_names(self): # names such as 'expires' are not special in first name=value pair # of Set-Cookie: header @@ -1092,6 +1105,8 @@ c.extract_cookies(r, req) return c + future = time2netscape(time.time()+3600) + # none of these bad headers should cause an exception to be raised for headers in [ ["Set-Cookie: "], # actually, nothing wrong with this @@ -1102,6 +1117,7 @@ ["Set-Cookie: b=foo; max-age=oops"], # bad version ["Set-Cookie: b=foo; version=spam"], + ["Set-Cookie:; Expires=%s" % future], ]: c = cookiejar_from_cookie_headers(headers) # these bad cookies shouldn't be set