Patch #655760: add warnings when the unsafe *Cookie classes are instantiated

7877a761 · Andrew M. Kuchling · ea3fdf44 · 7877a761
Kaydet (Commit) 7877a761 authored Ara 29, 2002 tarafından Andrew M. Kuchling
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

Cookie.py Lib/Cookie.py +11 -1

No files found.
--- a/Lib/Cookie.py
+++ b/Lib/Cookie.py
@@ -222,7 +222,7 @@ try:
 except ImportError:
    from pickle import dumps, loads

-import re
+import re, warnings

 __all__ = ["CookieError","BaseCookie","SimpleCookie","SerialCookie",
           "SmartCookie","Cookie"]
@@ -682,6 +682,11 @@ class SerialCookie(BaseCookie):
    Note: HTTP has a 2k limit on the size of a cookie.  This class
    does not check for this limit, so be careful!!!
    """
+    def __init__(self, input=None):
+        warnings.warn("SerialCookie class is insecure; do not use it",
+                      DeprecationWarning)
+        BaseCookie.__init__(self, input)
+    # end __init__
    def value_decode(self, val):
        # This could raise an exception!
        return loads( _unquote(val) ), val
@@ -702,6 +707,11 @@ class SmartCookie(BaseCookie):
    Note: HTTP has a 2k limit on the size of a cookie.  This class
    does not check for this limit, so be careful!!!
    """
+    def __init__(self, input=None):
+        warnings.warn("Cookie/SmartCookie class is insecure; do not use it",
+                      DeprecationWarning)
+        BaseCookie.__init__(self, input)
+    # end __init__
    def value_decode(self, val):
        strval = _unquote(val)
        try: