Brian Sutherland wrote:
On Wed, May 03, 2006 at 01:32:49AM +0200, Daniel Nouri wrote:
So, after talking to philiKON and jinty on IRC, I wrote this rather
kludgy test that shows that there's a problem with the current
implementation of testbrowser in Five and cookies.

Attached is a patch that contains both the test and the fix.  Note that
I couldn't find the time to write a test for Zope 3 that would show that
the Zope 3 setup does *not* eat away your cookies.  jinty suggested I
should do that, but I think the included test makes things clear enough.

I just wanted an example of what Zope3 does, but was too lazy to find
one myself. But yeah, your test makes it absolutely clear to me that
this is a bug we need to fix. I'll commit your patch (or something like
it) to the trunk and Five 1.4 branches.

Sometimes it's easier to understand tests than patches or english.

+      >>> response = self.publish('/test_folder_1_')
+      >>> print str(response) # doctest: +ELLIPSIS
+      Status: 200 OK
+      X-Powered-By: Zope (, Python (
+      Content-Length: 0
+      Set-Cookie: evil="cookie"

Interesting, Zope3 does not put quotes around cookie values, but Zope2
always does. I wonder which is right?

Zope 2 was wrong (and it's been reported a number of time that it sometimes prevent interoperability with other systems) but changing it would break too much Zope 3 apps.


Florent Guillaume, Nuxeo (Paris, France)   Director of R&D
+33 1 40 33 71 59   [EMAIL PROTECTED]
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to