@@ -34,22 +34,28 @@ def __init__(self, requestDict=None):
3434 self ._environ = requestDict ['environ' ]
3535 self ._input = requestDict ['input' ]
3636 self ._requestID = requestDict ['requestID' ]
37+ # Protect the loading of fields with an exception handler,
38+ # because bad headers sometimes can break the field storage
39+ # (see also https://bugs.python.org/issue27777).
3740 try :
3841 self ._fields = FieldStorage .FieldStorage (
3942 self ._input , environ = self ._environ ,
4043 keep_blank_values = True , strict_parsing = False )
4144 except Exception :
42- # Protect the loading of fields with an exception handler,
43- # because bad headers sometimes can break the field storage
44- # (see also https://bugs.python.org/issue27777).
4545 self ._fields = cgi .FieldStorage (keep_blank_values = True )
4646 traceback .print_exc (file = sys .stderr )
4747 self ._cookies = Cookie ()
4848 if 'HTTP_COOKIE' in self ._environ :
49+ # If there are duplicate cookies, always use the first one
50+ # because it is the most relevant one according to RFC 2965
51+ # (workaround for https://bugs.python.org/issue1375011).
52+ # noinspection PyTypeChecker
53+ cookies = dict (cookie .split ('=' , 1 ) for cookie in reversed (
54+ self ._environ ['HTTP_COOKIE' ].split ('; ' )))
4955 # Protect the loading of cookies with an exception handler,
5056 # because MSIE cookies sometimes can break the cookie module.
5157 try :
52- self ._cookies .load (self . _environ [ 'HTTP_COOKIE' ] )
58+ self ._cookies .load (cookies )
5359 except Exception :
5460 traceback .print_exc (file = sys .stderr )
5561 else :
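Review bot: The new `cookies = dict(cookie.split('=', 1) for cookie in reversed(...))` expression sits before the `try:` that guards `self._cookies.load(...)`, so a Cookie header segment without `=` (a bare name, or an empty piece after a trailing `; `) yields a one-element list and `dict()` raises ValueError outside any handler. Because `HTTP_COOKIE` is client-controlled, a malformed header could then abort `__init__`, which is exactly what the existing handler was meant to prevent. Make the assignment the first statement under `try:`, or filter the generator with `if '=' in cookie`. Passing a dict rather than the raw string also appears to bypass the cookie module's own string parsing, so quoted values may no longer be unquoted; this should be confirmed against the `Cookie` class imported in this file. `__init__` begins before this hunk and continues past it.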