
Magic numbers to verify my cookies.

pull/24/head
Ben Kurtovic 12 years ago
parent
commit
4c8d724039
3 changed files with 10 additions and 6 deletions
  1. +1
    -1
      static/js/copyvios.js
  2. +8
    -3
      toolserver/cookies.py
  3. +1
    -2
      toolserver/settings.py

+ 1
- 1
static/js/copyvios.js View File

@@ -16,7 +16,7 @@ function get_cookie(name) {
} }


function set_cookie(name, value, days) { function set_cookie(name, value, days) {
value = window.btoa(value);
value = window.btoa("--ets1" + value);
var path = window.location.pathname.split("/", 2)[1]; var path = window.location.pathname.split("/", 2)[1];
if (days) { if (days) {
var date = new Date(); var date = new Date();
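Review bot: The `"--ets1"` literal in set_cookie duplicates `_CookieManager.MAGIC` in toolserver/cookies.py, and nothing on either side records that the two must stay identical. Because the prefix ships in client-side script, it can only mark a cookie as belonging to this tool; it cannot show who wrote the value. A comment above the changed line would capture both facts, for example `// Must match _CookieManager.MAGIC in toolserver/cookies.py; a format marker, not an integrity check.` The same applies to the MAGIC attribute added in cookies.py, and values that pass the prefix test on the server should still be handled as user-controlled input. set_cookie's body continues outside the hunk.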


+ 8
- 3
toolserver/cookies.py View File

@@ -6,6 +6,8 @@ from datetime import datetime, timedelta
from os import path from os import path


class _CookieManager(SimpleCookie): class _CookieManager(SimpleCookie):
MAGIC = "--ets1"

def __init__(self, environ): def __init__(self, environ):
self._path = path.split(environ["PATH_INFO"])[0] self._path = path.split(environ["PATH_INFO"])[0]
try: try:
@@ -19,12 +21,15 @@ class _CookieManager(SimpleCookie):
def value_decode(self, value): def value_decode(self, value):
unquoted = super(_CookieManager, self).value_decode(value)[0] unquoted = super(_CookieManager, self).value_decode(value)[0]
try: try:
return base64.b64decode(unquoted).decode("utf8"), value
decoded = base64.b64decode(unquoted).decode("utf8")
except (TypeError, UnicodeDecodeError): except (TypeError, UnicodeDecodeError):
return False, "False" return False, "False"
if decoded.startswith(self.MAGIC):
return decoded[len(self.MAGIC):], value
return False, "False"


def value_encode(self, value): def value_encode(self, value):
encoded = base64.b64encode(value.encode("utf8"))
encoded = base64.b64encode(self.MAGIC + value.encode("utf8"))
quoted = super(_CookieManager, self).value_encode(encoded)[1] quoted = super(_CookieManager, self).value_encode(encoded)[1]
return value, quoted return value, quoted


@@ -45,4 +50,4 @@ def set_cookie(headers, cookies, key, value, days=0):
headers.append(("Set-Cookie", cookies[key].OutputString())) headers.append(("Set-Cookie", cookies[key].OutputString()))


def delete_cookie(headers, cookies, key): def delete_cookie(headers, cookies, key):
set_cookie(headers, cookies, key, "", days=-1)
set_cookie(headers, cookies, key, u"", days=-1)
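Review bot: value_decode now has two distinct rejection paths (undecodable base64/UTF-8 and a missing MAGIC prefix) that both return `False, "False"`, and that contract is not documented anywhere in the hunk. The standard SimpleCookie loader stores whatever value_decode returns, so unless `__init__` (only partly visible here) filters them, cookies set by other applications will sit in the jar with a value of False. A docstring on value_decode should state that it returns the payload with the prefix stripped, or False when the cookie is not one of ours, and that callers must test for False before using a value. A short comment on `MAGIC = "--ets1"` noting that it is prepended before base64 encoding and bumped when the cookie format changes would also help. The class body and `__init__` continue outside the hunks shown.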

+ 1
- 2
toolserver/settings.py View File

@@ -22,8 +22,7 @@ def main(context, environ, headers):
delete_cookie(headers, cookies, query.cookie) delete_cookie(headers, cookies, query.cookie)
elif query.all: elif query.all:
for cookie in cookies.values(): for cookie in cookies.values():
if cookie.path.startswith(cookies.path):
delete_cookie(headers, cookies, cookie.key)
delete_cookie(headers, cookies, cookie.key)


bot = get_bot() bot = get_bot()
langs, projects = get_sites(bot) langs, projects = get_sites(bot)
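Review bot: With the `cookie.path.startswith(cookies.path)` test gone, the `query.all` branch calls delete_cookie for every entry in the jar, and nothing visible limits that to cookies this tool set. value_decode in toolserver/cookies.py returns False for values without the MAGIC prefix. If _CookieManager keeps those entries (its `__init__` is not fully shown), this loop will emit expiring Set-Cookie headers for other applications' cookie names on the same host. A guard such as `if cookie.value is not False:` before the delete_cookie call would restrict "delete all" to cookies that passed validation. main's body starts and ends outside the hunk.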

