
[PR #11173/85b0df43 backport][3.12] Fix cookie unquoting regression #11179

patchback[bot]

@patchback patchback bot commented Jun 10, 2025

This is a backport of PR #11173 as merged into master (85b0df4).

What do these changes do?

This PR fixes a regression I introduced when vendoring SimpleCookie - I accidentally copied the wrong _unquote function. The correct implementation from Python's http.cookies module is now vendored, which properly handles:

  • Octal escape sequences in cookie values (e.g., \012 for newline, \011 for tab)
  • Escaped quotes (\") and backslashes (\\)
  • All edge cases that the standard library handles

Comprehensive tests have been added to ensure the vendored function behaves identically to SimpleCookie's implementation.

Are there changes in behavior for the user?

Cookie parsing will now correctly handle cookies with octal escape sequences in their values, restoring compatibility with servers that send such cookies. This fixes a regression where these cookies were not being decoded properly.

Is it a substantial burden for the maintainers to support this?

No. This is a straightforward vendoring of a stable function from Python's standard library that has remained unchanged for years. The implementation is well-tested and matches Python's cookie handling behavior exactly. The comprehensive test suite ensures any future changes will be caught.

Related issue number

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES/ folder
    • name it <issue_or_pr_num>.<type>.rst (e.g. 588.bugfix.rst)

    • if you don't have an issue number, change it to the pull request
      number after creating the PR

      • .bugfix: A bug fix for something the maintainers deemed an
        improper undesired behavior that got corrected to match
        pre-agreed expectations.
      • .feature: A new behavior, public APIs. That sort of stuff.
      • .deprecation: A declaration of future API removals and breaking
        changes in behavior.
      • .breaking: When something public is removed in a breaking way.
        Could be deprecated in an earlier release.
      • .doc: Notable updates to the documentation structure or build
        process.
      • .packaging: Notes for downstreams about unobvious side effects
        and tooling. Changes in the test invocation considerations and
        runtime assumptions.
      • .contrib: Stuff that affects the contributor experience. e.g.
        Running tests, building the docs, setting up the development
        environment.
      • .misc: Changes that are hard to assign to any of the above
        categories.
    • Make sure to use full sentences with correct case and punctuation,
      for example:

      Fixed issue with non-ascii contents in doctest text files
      -- by :user:`contributor-gh-handle`.

      Use the past tense or the present tense in a non-imperative mood,
      referring to what's changed compared to the last released version
      of this project.

@patchback patchback bot requested review from webknjaz and asvetlov as code owners June 10, 2025 02:49
@patchback patchback bot mentioned this pull request Jun 10, 2025
5 tasks
@bdraco bdraco enabled auto-merge (squash) June 10, 2025 02:56
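
The unquoting rules named in the description above (three-digit octal escapes, `\"` and `\\`), as an added example that is not part of the PR and is not aiohttp's vendored code. The names `unquote_cookie_value`, `control_chars` and `stdlib_value` and all sample values are constructed for illustration; the comparison against `http.cookies.SimpleCookie` uses printable values only.

```python
import re
from http.cookies import SimpleCookie

# A backslash followed by a 3-digit octal code (\000-\377), or by any single character.
_ESCAPE_RE = re.compile(r"\\(?:([0-3][0-7][0-7])|(.))")


def unquote_cookie_value(value: str) -> str:
    """Decode a double-quoted cookie value; unquoted values pass through unchanged."""
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        return value

    def _replace(match: "re.Match[str]") -> str:
        if match.group(1):                      # octal escape such as \012
            return chr(int(match.group(1), 8))
        return match.group(2)                   # \" -> "   and   \\ -> \

    return _ESCAPE_RE.sub(_replace, value[1:-1])


def control_chars(decoded: str) -> list:
    """Return control characters present after decoding (for example, newline from \\012)."""
    return [ch for ch in decoded if ord(ch) < 0x20 or ord(ch) == 0x7F]


def stdlib_value(raw_value: str) -> str:
    """Parse 'k=<raw_value>' with the standard library and return the decoded value."""
    jar = SimpleCookie()
    jar.load("k=" + raw_value)
    return jar["k"].value


# Constructed sample values, written exactly as they would appear in a Cookie header.
PRINTABLE_SAMPLES = ['"say \\"hi\\""', '"C:\\\\dir"', '"a\\054b"', "plain"]
CONTROL_SAMPLES = ['"line1\\012line2"', '"col1\\011col2"']

if __name__ == "__main__":
    for raw in PRINTABLE_SAMPLES:
        print(raw, "->", repr(unquote_cookie_value(raw)),
              "| stdlib agrees:", unquote_cookie_value(raw) == stdlib_value(raw))
    for raw in CONTROL_SAMPLES:
        decoded = unquote_cookie_value(raw)
        print(raw, "->", repr(decoded), "| control chars:", control_chars(decoded))
```

A decoded value can contain a newline or tab that was not visible in the raw header, so code that logs cookie values or copies them into other headers should check the decoded form, not the raw one.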

codspeed-hq bot commented Jun 10, 2025

CodSpeed Performance Report

Merging #11179 will not alter performance

Comparing patchback/backports/3.12/85b0df43bf99aeb1b5258aecae19d40a16ac273e/pr-11173 (3aaedf9) with 3.12 (2a7ed29)

Summary

✅ 59 untouched benchmarks


codecov bot commented Jun 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.30%. Comparing base (2a7ed29) to head (3aaedf9).
Report is 1 commits behind head on 3.12.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             3.12   #11179   +/-   ##
=======================================
  Coverage   98.30%   98.30%           
=======================================
  Files         132      132           
  Lines       43245    43289   +44     
  Branches     2374     2376    +2     
=======================================
+ Hits        42511    42555   +44     
  Misses        558      558           
  Partials      176      176           
Flag Coverage Δ
CI-GHA 98.19% <100.00%> (+<0.01%) ⬆️
OS-Linux 97.94% <100.00%> (+<0.01%) ⬆️
OS-Windows 95.63% <100.00%> (-0.01%) ⬇️
OS-macOS 97.18% <100.00%> (+<0.01%) ⬆️
Py-3.10.11 96.83% <100.00%> (-0.01%) ⬇️
Py-3.10.17 97.32% <100.00%> (+<0.01%) ⬆️
Py-3.11.12 97.52% <100.00%> (+<0.01%) ⬆️
Py-3.11.9 97.02% <100.00%> (+<0.01%) ⬆️
Py-3.12.10 97.86% <100.00%> (+<0.01%) ⬆️
Py-3.13.3 97.85% <100.00%> (+<0.01%) ⬆️
Py-3.9.13 96.72% <100.00%> (+<0.01%) ⬆️
Py-3.9.22 97.21% <100.00%> (+<0.01%) ⬆️
Py-pypy7.3.16 87.12% <100.00%> (-0.83%) ⬇️
VM-macos 97.18% <100.00%> (+<0.01%) ⬆️
VM-ubuntu 97.94% <100.00%> (+<0.01%) ⬆️
VM-windows 95.63% <100.00%> (-0.01%) ⬇️


@bdraco bdraco merged commit 608d8ff into 3.12 Jun 10, 2025
32 checks passed
@bdraco bdraco deleted the patchback/backports/3.12/85b0df43bf99aeb1b5258aecae19d40a16ac273e/pr-11173 branch June 10, 2025 03:17