Author georg.brandl
Recipients Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date 2014-10-29.11:30:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1414582216.08.0.561107467016.issue22758@psf.upfronthosting.co.za>
In-reply-to
Content
OK, so there are two root issues here:

* Django uses __init__(str()) roundtripping, which is not explicitly supported by the library, and worked by accident with previous versions.  That it works again with 3.3+ is another accident, and a bug.

(The change for #16611 reintroduces "lax" parsing behavior that the security fix was supposed to prevent.)

* BaseCookie doesn't roundtrip correctly when pickled with protocol >= 2.  This should be fixed in upcoming bugfix releases.

I would advise Django to subclass SimpleCookie and fix the pickling issue, which is not hard (see attached diff).
History
Date User Action Args
2014-10-29 11:30:16georg.brandlsetrecipients: + georg.brandl, pitrou, r.david.murray, berker.peksag, Tim.Graham
2014-10-29 11:30:16georg.brandlsetmessageid: <1414582216.08.0.561107467016.issue22758@psf.upfronthosting.co.za>
2014-10-29 11:30:16georg.brandllinkissue22758 messages
2014-10-29 11:30:16georg.brandlcreate