Brian Sutherland wrote:
On Wed, May 03, 2006 at 01:32:49AM +0200, Daniel Nouri wrote:
So, after talking to philiKON and jinty on IRC, I wrote this rather
kludgy test that shows that there's a problem with the current
implementation of testbrowser in Five and cookies.
Attached is a patch that contains both the test and the fix. Note that
I couldn't find the time to write a test for Zope 3 that would show that
the Zope 3 setup does *not* eat away your cookies. jinty suggested I
should do that, but I think the included test makes things clear enough.
I just wanted an example of what Zope3 does, but was too lazy to find
one myself. But yeah, your test makes it absolutely clear to me that
this is a bug we need to fix. I'll commit your patch (or something like
it) to the trunk and Five 1.4 branches.
Sometimes it's easier to understand tests than patches or english.
+ >>> response = self.publish('/test_folder_1_')
+ >>> print str(response) # doctest: +ELLIPSIS
+ Status: 200 OK
+ X-Powered-By: Zope (www.zope.org), Python (www.python.org)
+ Content-Length: 0
+ Set-Cookie: evil="cookie"
Interesting, Zope3 does not put quotes around cookie values, but Zope2
always does. I wonder which is right?
Zope 2 was wrong (and it's been reported a number of time that it sometimes
prevent interoperability with other systems) but changing it would break too
much Zope 3 apps.
Florent Guillaume, Nuxeo (Paris, France) Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -