From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Karol Hosiawa" Newsgroups: gmane.emacs.bugs,gmane.emacs.pretest.bugs Subject: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls Date: Fri, 21 Nov 2008 15:23:37 +0000 Message-ID: <577ed7ae0811210723s786a74c1l5f4292e653f04af1@mail.gmail.com> Reply-To: Karol Hosiawa , 1401@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1227289210 7402 80.91.229.12 (21 Nov 2008 17:40:10 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 21 Nov 2008 17:40:10 +0000 (UTC) To: emacs-pretest-bug@gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Nov 21 18:41:13 2008 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1L3a0E-0006nO-7y for geb-bug-gnu-emacs@m.gmane.org; Fri, 21 Nov 2008 18:41:10 +0100 Original-Received: from localhost ([127.0.0.1]:46933 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1L3Zz5-0000Sb-5m for geb-bug-gnu-emacs@m.gmane.org; Fri, 21 Nov 2008 12:39:59 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1L3Xxc-0002pF-12 for bug-gnu-emacs@gnu.org; Fri, 21 Nov 2008 10:30:20 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1L3XxZ-0002ob-4R for bug-gnu-emacs@gnu.org; Fri, 21 Nov 2008 10:30:19 -0500 Original-Received: from [199.232.76.173] (port=43735 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1L3XxY-0002oY-VM for bug-gnu-emacs@gnu.org; Fri, 21 Nov 2008 10:30:17 -0500 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:55101) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1L3XxY-0006ER-G1 for bug-gnu-emacs@gnu.org; Fri, 21 Nov 2008 10:30:16 -0500 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mALFU9JX013384; Fri, 21 Nov 2008 07:30:10 -0800 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id mALFU2Jg012817; Fri, 21 Nov 2008 07:30:02 -0800 X-Loop: don@donarmstrong.com Resent-From: "Karol Hosiawa" Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs Resent-Date: Fri, 21 Nov 2008 15:30:02 +0000 Resent-Message-ID: Resent-Sender: don@donarmstrong.com X-Emacs-PR-Message: report 1401 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: Original-Received: via spool by submit@emacsbugs.donarmstrong.com id=B.122728102611375 (code B ref -1); Fri, 21 Nov 2008 15:30:02 +0000 Original-Received: (at submit) by emacsbugs.donarmstrong.com; 21 Nov 2008 15:23:46 +0000 Original-Received: from fencepost.gnu.org (fencepost.gnu.org [140.186.70.10]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mALFNgAJ011369 for ; Fri, 21 Nov 2008 07:23:43 -0800 Original-Received: from mx10.gnu.org ([199.232.76.166]:41744) by fencepost.gnu.org with esmtp (Exim 4.67) (envelope-from ) id 1L3Xr0-0005U3-7c for emacs-pretest-bug@gnu.org; Fri, 21 Nov 2008 10:23:30 -0500 Original-Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1L3XrA-0005kV-Iy for emacs-pretest-bug@gnu.org; Fri, 21 Nov 2008 10:23:41 -0500 Original-Received: from rn-out-0910.google.com ([64.233.170.188]:18189) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1L3XrA-0005kP-9Z for emacs-pretest-bug@gnu.org; Fri, 21 Nov 2008 10:23:40 -0500 Original-Received: by rn-out-0910.google.com with SMTP id k32so911424rnd.7 for ; Fri, 21 Nov 2008 07:23:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=wDPInK9DMBZL/tmJjIufJ7Z8melf5Ylps66kCgdkGKE=; b=VmuuK/A47IVEEXmWYFZjI8wnV5ZB6wpZ6VW/xZfuBQv+A7fbxOEA6yJZk/ngjxnz5+ GK1xbLuKa9R7eUtu5x9HVAvZBcR0xF9KOcKCNwbCyX+u94Oo1o0CmiYyNQ2tGM0h8KhF 5Aenn8TZOl0EFCROubn8hjhRkI1RG863R9IPk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=ktXCGaW/1C/YGnoue/dMp0CGlOUCxXhZRCto9mA3fPxBCeNVUnvV9Op0JrjFoAQsDY 0iB9RoiX7HbFikIWbJendA9kjb4Ket33y5p1N4hJkD2JGadUlu34iXpxERXLE+CyL+8Z IdDpFWbHZWoJBkH3dtFtGBBQuvcYQdlfka6pc= Original-Received: by 10.142.241.15 with SMTP id o15mr336688wfh.104.1227281017969; Fri, 21 Nov 2008 07:23:37 -0800 (PST) Original-Received: by 10.143.41.7 with HTTP; Fri, 21 Nov 2008 07:23:37 -0800 (PST) Content-Disposition: inline X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Resent-Date: Fri, 21 Nov 2008 10:30:19 -0500 X-Mailman-Approved-At: Fri, 21 Nov 2008 12:37:58 -0500 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:22560 gmane.emacs.pretest.bugs:23388 Archived-At: The function url-cookie-handle-set-cookie in url-cookie.el doesn't check if url-cookie-trusted-urls is set. It does some preliminary checks but doesn't apply this info in the end. Proposed patch: change line 418 of url-cookie.el from: ((url-cookie-host-can-set-p (url-host url-current-object) domain) to ((or trusted (url-cookie-host-can-set-p (url-host url-current-object) domain) In GNU Emacs 23.0.60.1 (i686-pc-linux-gnu, GTK+ Version 2.12.9) of 2008-07-28 on gentoo Windowing system distributor `The X.Org Foundation', version 11.0.10300000 configured using `configure '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--program-suffix=-emacs-23' '--infodir=/usr/share/info/emacs-23' '--without-carbon' '--with-sound' '--with-x' '--with-toolkit-scroll-bars' '--with-gif' '--with-jpeg' '--with-png' '--without-rsvg' '--with-tiff' '--with-xpm' '--enable-font-backend' '--with-freetype' '--with-xft' '--without-libotf' '--without-m17n-flt' '--with-x-toolkit=gtk' '--without-hesiod' '--without-kerberos' '--without-kerberos5' '--with-gpm' '--with-dbus' '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -march=i686 -pipe' 'LDFLAGS=-Wl,-O1'' Important settings: value of $LC_ALL: nil value of $LC_COLLATE: nil value of $LC_CTYPE: nil value of $LC_MESSAGES: nil value of $LC_MONETARY: nil value of $LC_NUMERIC: nil value of $LC_TIME: nil value of $LANG: en_US.UTF8 value of $XMODIFIERS: nil locale-coding-system: utf-8-unix default-enable-multibyte-characters: t Major mode: Emacs-Lisp Minor modes in effect: erc-list-mode: t erc-menu-mode: t erc-autojoin-mode: t erc-ring-mode: t erc-networks-mode: t erc-pcomplete-mode: t erc-track-mode: t erc-track-minor-mode: t erc-match-mode: t erc-button-mode: t erc-fill-mode: t erc-stamp-mode: t erc-netsplit-mode: t erc-irccontrols-mode: t erc-noncommands-mode: t erc-move-to-prompt-mode: t erc-readonly-mode: t shell-dirtrack-mode: t cua-mode: t show-paren-mode: t diff-auto-refine-mode: t tooltip-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t global-auto-composition-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent input: C-k C-l C-l C-l C-l C-o C-n C-o C-n C-h c r e C-/ C-/ h v e r c - C-/ C-h f C-g C-h v e r c - p a s s C-x 1 C-o C-n C-l C-l C-l C-l C-o C-n C-o C-n C-o C-n C-l C-o C-n C-o C-p C-o C-n C-o C-p C-o C-n C-x C-f / m n w h i C-s C-s C-s p u s t g e M-g M-g 7 5 3 C-n C-n C-k C-k C-x C-s C-o C-p C-p C-p C-p C-n C-n C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n M-x r e p o r C-x 3 C-g C-x 3 C-x b c o o C-g C-x C-f / u s u r c o o C-v C-v C-v C-v C-v C-v C-v C-n C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-n M-x r e p o r t Recent messages: Loading vc-svn...done Mark set Wrote /mnt/dev/jacuzzi_whitelabel/public/stylesheets/general.css byte-code: End of buffer Making completion list... split-window-horizontally: Attempt to split minibuffer window Quit [3 times] uncompressing url-cookie.el.gz...done Note: file is write protected Making completion list...