From ff93ffb858db15ec70ba57b7850cb9cb01d531c8 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Tue, 15 Aug 2023 09:56:10 +0800 Subject: [PATCH 1/1] don't strip leading = when parsing cookie Origin: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 --- src/werkzeug/_internal.py | 13 +++++++++---- tests/test_http.py | 2 ++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 1d2eaf5..fe69ccb 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -40,7 +40,7 @@ _quote_re = re.compile(br"[\\].") _legal_cookie_chars_re = br"[\w\d!#%&\'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]" _cookie_re = re.compile( br""" - (?P[^=;]+) + (?P[^=;]*) (?:\s*=\s* (?P "(?:[^\\"]|\\.)*" | @@ -316,16 +316,21 @@ def _cookie_parse_impl(b): """Lowlevel cookie parsing facility that operates on bytes.""" i = 0 n = len(b) + b += b";" while i < n: - match = _cookie_re.search(b + b";", i) + match = _cookie_re.match(b, i) + if not match: break - key = match.group("key").strip() - value = match.group("val") or b"" i = match.end(0) + key = match.group("key").strip() + + if not key: + continue + value = match.group("val") or b"" yield _cookie_unquote(key), _cookie_unquote(value) diff --git a/tests/test_http.py b/tests/test_http.py index 5725170..58042c0 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -446,6 +446,7 @@ class TestHTTPUtility(object): cookies = http.parse_cookie( "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;" ' a=42; b="\\";"; ; fo234{=bar;blub=Blah;' + "==__Host-eq=bad;__Host-eq=good;" ) assert cookies.to_dict() == { "CP": u"null*", @@ -455,6 +456,7 @@ class TestHTTPUtility(object): "b": u'";', "fo234{": u"bar", "blub": u"Blah", + "__Host-eq": "good", } def test_dump_cookie(self): -- 2.30.0