Message230205
OK, so there are two root issues here:
* Django uses __init__(str()) roundtripping, which is not explicitly supported by the library, and worked by accident with previous versions. That it works again with 3.3+ is another accident, and a bug.
(The change for #16611 reintroduces "lax" parsing behavior that the security fix was supposed to prevent.)
* BaseCookie doesn't roundtrip correctly when pickled with protocol >= 2. This should be fixed in upcoming bugfix releases.
I would advise Django to subclass SimpleCookie and fix the pickling issue, which is not hard (see attached diff). |
|
Date |
User |
Action |
Args |
2014-10-29 11:30:16 | georg.brandl | set | recipients:
+ georg.brandl, pitrou, r.david.murray, berker.peksag, Tim.Graham |
2014-10-29 11:30:16 | georg.brandl | set | messageid: <1414582216.08.0.561107467016.issue22758@psf.upfronthosting.co.za> |
2014-10-29 11:30:16 | georg.brandl | link | issue22758 messages |
2014-10-29 11:30:16 | georg.brandl | create | |
|