json cookies break cookie parsing

Bug #563229 reported by simonjj
This bug affects 1 person
Affects: Zope 2
Status: Fix Released
Importance: Undecided
Assigned to: Tres Seaver

Bug Description

If a cookie has any double quotes ("), as many JSON cookies do, the cookie parsing for the JSON cookie and all subsequent cookies fails. Please see the attached screenshot for details.

Platform: OSX 10.5
Python: 2.4.4
Zope: 2.11.2
Browser: Firefox 3.6.3

simonjj (simonjj) wrote :

Please find a patch that fixed the issue for me attached here.

simonjj (simonjj) wrote :

Patch for added test case to testHTTPRequest.

Tres Seaver (tseaver) wrote : Re: [zope2-tracker] [Bug 563229] [NEW] json cookies break cookie parsing

mag wrote:
> Public bug reported:
>
> If a cookie has any double quotes ("), as many JSON cookies do, the
> cookie parsing for the JSON cookie and all subsequent cookies fails.
> Please see the attached screenshot for details.
>
> Platform: OSX 10.5
> Python: 2.4.4
> Zope: 2.11.2
> Browser: Firefox 3.6.3
>
> ** Affects: zope2
> Importance: Undecided
> Status: New

 status confirmed
 assignee tseaver


Changed in zope2:
assignee: nobody → Tres Seaver (tseaver)
status: New → Confirmed
Tres Seaver (tseaver) wrote :

RFC 2965[1] governs HTTP cookies, and mandates that the 'value' side of a cookie av-pair be one of either 'token' (sequence of non-whitespace, non-separators), or 'quoted-string' (double quotes around a sequence of anything *except* non-escaped double quotes), both as specified in RFC 2616[2].

So, whatever code you have which is generating such a cookie without escaping the quotes with backslashes is in violation of the spec. The 'HTTPResponse.setCookie' method should probably be doing the escaping, as well as wrapping any non-token values in double quotes, and 'parse_cookie' should handle the unescaping and stripping of quotes.

 [1] http://tools.ietf.org/html/rfc2965
 [2] http://tools.ietf.org/html/rfc2616

I will apply the patch anyway, as it doesn't break other tests, or introduce any new complexity to 'parse_cookie'.

Tres Seaver (tseaver) wrote :
Changed in zope2:
status: Confirmed → Fix Committed
Changed in zope2:
milestone: none → 2.12.5
Changed in zope2:
status: Fix Committed → Fix Released
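
The escaping and unescaping that Tres Seaver's comment describes (cookie values as an RFC 2616 token or quoted-string), as an added example that is not part of the original thread and is not Zope's code. `quote_value` and `parse_cookie_header` are hypothetical names, not Zope's `setCookie` or `parse_cookie`, and the sample JSON value is constructed.

```python
import json
import re

# RFC 2616 token: printable ASCII except separators ()<>@,;:\"/[]?={} SP HT.
_TOKEN = re.compile(r"[!#$%&'*+\-.0-9A-Z^_`a-z|~]+\Z")

# One NAME=VALUE pair; VALUE is a quoted-string or a run of non-';' characters.
_PAIR = re.compile(r'''
    \s*(?P<name>[^=;\s]+)\s*=\s*
    (?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<bare>[^;]*))
    \s*(?:;|\Z)''', re.X)


def quote_value(value):
    """Emit value as a token if it is one, else as a quoted-string."""
    if _TOKEN.match(value):
        return value
    # quoted-pair: backslash-escape backslashes first, then double quotes.
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'


def parse_cookie_header(header):
    """Parse a Cookie header into a dict, unescaping quoted-string values."""
    header = header.strip()
    cookies = {}
    pos = 0
    while pos < len(header):
        m = _PAIR.match(header, pos)
        if m is None:
            raise ValueError("malformed cookie header at offset %d" % pos)
        if m.group('quoted') is not None:
            # Strip the surrounding quotes and undo each quoted-pair.
            value = re.sub(r'\\(.)', r'\1', m.group('quoted'))
        else:
            # Unquoted value (this also accepts raw, unescaped JSON leniently).
            value = m.group('bare').strip()
        cookies.setdefault(m.group('name'), value)  # first occurrence wins
        pos = m.end()
    return cookies


if __name__ == '__main__':
    # Constructed sample: a JSON document stored in a cookie named "prefs".
    prefs = json.dumps({"theme": "dark", "cols": [1, 2]})
    header = 'prefs=%s; sid=abc123' % quote_value(prefs)
    print(header)
    print(parse_cookie_header(header))
```

A cookie after the JSON one (`sid` here) is still parsed because the quoted-string branch consumes escaped quotes and any `;` inside the quotes as part of the value.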