diff options
| author | Michael Merickel <michael@merickel.org> | 2019-11-26 09:01:19 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-11-26 09:01:19 -0600 |
| commit | 4d276efe5fd806b74d604c3c8817c0c72808c491 (patch) | |
| tree | 6a36254ebf9e2e33a8eb537efb74072c7e9e9e3f /src | |
| parent | b30710e83cf89aab92f64f5535ce0fcb560a787c (diff) | |
| parent | 5a77d1dc082d0f2cedc7320616f2d96f61a3ed9c (diff) | |
| download | pyramid-4d276efe5fd806b74d604c3c8817c0c72808c491.tar.gz pyramid-4d276efe5fd806b74d604c3c8817c0c72808c491.tar.bz2 pyramid-4d276efe5fd806b74d604c3c8817c0c72808c491.zip | |
Merge pull request #3524 from jvanasco/fix-deprecate_PickleSerializer
deprecate PickleSerializer
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/session.py | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/src/pyramid/session.py b/src/pyramid/session.py index 70ac4f55f..10e1ea313 100644 --- a/src/pyramid/session.py +++ b/src/pyramid/session.py @@ -44,14 +44,25 @@ def manage_changed(wrapped): class PickleSerializer(object): - """ A serializer that uses the pickle protocol to dump Python - data to bytes. + """ + .. deprecated:: 2.0 + + .. warning:: + + In :app:`Pyramid` 2.0 the default ``serializer`` option changed to + use :class:`pyramid.session.JSONSerializer`, and ``PickleSerializer`` + has been been removed from active Pyramid code. + + Pyramid will require JSON-serializable objects in :app:`Pyramid` 2.0. + + Please see :ref:`pickle_session_deprecation`. - This is the default serializer used by Pyramid. + A serializer that uses the pickle protocol to dump Python data to bytes. + + This was the default serializer used by Pyramid, but has been deprecated. ``protocol`` may be specified to control the version of pickle used. Defaults to :attr:`pickle.HIGHEST_PROTOCOL`. - """ def __init__(self, protocol=pickle.HIGHEST_PROTOCOL): @@ -61,8 +72,9 @@ class PickleSerializer(object): """Accept bytes and return a Python object.""" try: return pickle.loads(bstruct) - # at least ValueError, AttributeError, ImportError but more to be safe except Exception: + # this block should catch at least: + # ValueError, AttributeError, ImportError; but more to be safe raise ValueError def dumps(self, appstruct): @@ -70,6 +82,14 @@ class PickleSerializer(object): return pickle.dumps(appstruct, self.protocol) +deprecated( + 'PickleSerializer', + 'pyramid.session.PickleSerializer is deprecated as of Pyramid 2.0 for ' + 'security concerns. Use pyramid.session.JSONSerializer or reference the ' + 'narrative documentation for information on building a migration tool.', +) + + JSONSerializer = JSONSerializer # api @@ -438,10 +458,10 @@ def SignedCookieSessionFactory( .. warning:: - In :app:`Pyramid` 2.0 the default ``serializer`` option changed to - use :class:`pyramid.session.JSONSerializer`. See - :ref:`pickle_session_deprecation` for more information about why this - change was made. + In :app:`Pyramid` 2.0 the default ``serializer`` option changed to + use :class:`pyramid.session.JSONSerializer`. See + :ref:`pickle_session_deprecation` for more information about why this + change was made. .. versionadded: 1.5a3 |