From 4c8d724039cb45ad0a3499cdffe2d79ff382c0db Mon Sep 17 00:00:00 2001
From: Ben Kurtovic
Date: Tue, 24 Jul 2012 01:05:53 -0400
Subject: [PATCH] Magic numbers to verify my cookies.
---
 static/js/copyvios.js | 2 +-
 toolserver/cookies.py | 11 ++++++++---
 toolserver/settings.py | 3 +--
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/static/js/copyvios.js b/static/js/copyvios.js
index 901e486..47d18d8 100644
--- a/static/js/copyvios.js
+++ b/static/js/copyvios.js
@@ -16,7 +16,7 @@ function get_cookie(name) {
 }
 function set_cookie(name, value, days) {
- value = window.btoa(value);
+ value = window.btoa("--ets1" + value);
 var path = window.location.pathname.split("/", 2)[1];
 if (days) {
 var date = new Date();
diff --git a/toolserver/cookies.py b/toolserver/cookies.py
index 4362533..1d1d6f6 100644
--- a/toolserver/cookies.py
+++ b/toolserver/cookies.py
@@ -6,6 +6,8 @@ from datetime import datetime, timedelta
 from os import path
 class _CookieManager(SimpleCookie):
+ MAGIC = "--ets1"
+
 def __init__(self, environ):
 self._path = path.split(environ["PATH_INFO"])[0]
 try:
@@ -19,12 +21,15 @@ class _CookieManager(SimpleCookie):
 def value_decode(self, value):
 unquoted = super(_CookieManager, self).value_decode(value)[0]
 try:
- return base64.b64decode(unquoted).decode("utf8"), value
+ decoded = base64.b64decode(unquoted).decode("utf8")
 except (TypeError, UnicodeDecodeError):
 return False, "False"
+ if decoded.startswith(self.MAGIC):
+ return decoded[len(self.MAGIC):], value
+ return False, "False"
 def value_encode(self, value):
- encoded = base64.b64encode(value.encode("utf8"))
+ encoded = base64.b64encode(self.MAGIC + value.encode("utf8"))
 quoted = super(_CookieManager, self).value_encode(encoded)[1]
 return value, quoted
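Review bot: `set_cookie` in static/js/copyvios.js now writes the `--ets1` prefix, but `get_cookie` just above it (named in the hunk header) is not changed by this commit, which the diffstat confirms with one insertion and one deletion for this file. If `get_cookie` decodes with `window.atob`, callers will start receiving the prefix in front of the stored value; it should check for the prefix and strip it after decoding, as `value_decode` does in toolserver/cookies.py. The literal is also duplicated between this line and `_CookieManager.MAGIC`, so a comment such as `// must match MAGIC in toolserver/cookies.py` on the changed line would keep the two from drifting. Both functions extend outside the hunk, so the `get_cookie` behaviour is inferred.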
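Review bot: The `startswith(self.MAGIC)` test in `value_decode` (toolserver/cookies.py) separates this tool's cookies from unrelated ones on the same host and nothing more: `MAGIC` is a fixed string that also ships in static/js/copyvios.js, so any client can build a value that passes, and whatever reads the decoded value still has to validate it. The constant added in the first cookies.py hunk should say so, for example `# Format marker for cookies written by this tool; keep in sync with set_cookie() in static/js/copyvios.js. Not a secret, not an integrity check.` A short docstring on `value_decode` stating that it returns `(False, "False")` for input that is undecodable or lacks the prefix would also help, since that sentinel now comes from two separate exits.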
@@ -45,4 +50,4 @@ def set_cookie(headers, cookies, key, value, days=0):
 headers.append(("Set-Cookie", cookies[key].OutputString()))
 def delete_cookie(headers, cookies, key):
- set_cookie(headers, cookies, key, "", days=-1)
+ set_cookie(headers, cookies, key, u"", days=-1)
diff --git a/toolserver/settings.py b/toolserver/settings.py
index cc42ab8..f3609e5 100644
--- a/toolserver/settings.py
+++ b/toolserver/settings.py
@@ -22,8 +22,7 @@ def main(context, environ, headers):
 delete_cookie(headers, cookies, query.cookie)
 elif query.all:
 for cookie in cookies.values():
- if cookie.path.startswith(cookies.path):
- delete_cookie(headers, cookies, cookie.key)
+ delete_cookie(headers, cookies, cookie.key)
 bot = get_bot()
 langs, projects = get_sites(bot)
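Review bot: With the path test removed, the `elif query.all:` loop in toolserver/settings.py expires every cookie in `cookies`, including ones that `value_decode` rejected (value `False`) because they lack the `--ets1` prefix and so presumably belong to something else on the same host. Skipping those keeps the reset scoped to this tool's own cookies: `if cookie.value is not False:` followed by the existing `delete_cookie(headers, cookies, cookie.key)`. Whether `_CookieManager` loads the whole request cookie header is not visible in this patch, so the scope of `cookies.values()` is inferred from the cookies.py hunks. `main` begins and ends outside the hunk.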