From: Diane Murray <disumu@x3y2z1.net>
To: emacs-devel@gnu.org
Subject: url-cookie.el: Deal with wildcard dots in domain values.
Date: Sun, 01 Apr 2007 02:30:47 +0200 [thread overview]
Message-ID: <877isxylzc.fsf@x3y2z1.net> (raw)
Wildcard domain values in cookies are not parsed correctly. For
example, "domain=.gnu.org" (note the dot in front) in a cookie means
to use this cookie with all subdomains of gnu.org as well. Since it
seems url-cookie.el already handles domains this way, it should also
deal with those dots. As things work now, all such cookies are
rejected - even when the user wishes to set cookies for that domain.
The following patch fixes this.
2007-04-01 Diane Murray <disumu@x3y2z1.net>
* url-cookie.el (url-cookie-retrieve, url-cookie-host-can-set-p):
Deal with wildcard dots in domain values.
*** url-cookie.el 24 Jan 2007 13:01:25 +0100 1.20
--- url-cookie.el 01 Apr 2007 02:17:06 +0200
***************
*** 272,278 ****
storage (cdr storage)
cookies (cdr cur))
(if (and (car cur)
! (string-match (concat "^.*" (regexp-quote (car cur)) "$") host))
;; The domains match - a possible hit!
(while cookies
(setq cur (car cookies)
--- 272,286 ----
storage (cdr storage)
cookies (cdr cur))
(if (and (car cur)
! (string-match
! (concat "^.*"
! (regexp-quote
! ;; Remove the dot from wildcard domains
! ;; before matching.
! (if (string= "." (substring (car cur) 0 1))
! (substring (car cur) 1 (length (car cur)))
! (car cur)))
! "$") host))
;; The domains match - a possible hit!
(while cookies
(setq cur (car cookies)
***************
*** 344,350 ****
((>= numdots mindots) ; We have enough dots in domain name
;; Need to check and make sure the host is actually _in_ the
;; domain it wants to set a cookie for though.
! (string-match (concat (regexp-quote domain) "$") host))
(t
nil))))
--- 352,364 ----
((>= numdots mindots) ; We have enough dots in domain name
;; Need to check and make sure the host is actually _in_ the
;; domain it wants to set a cookie for though.
! (string-match (concat (regexp-quote
! ;; Remove the dot from wildcard domains
! ;; before matching.
! (if (string= "." (substring domain 0 1))
! (substring domain 1 (length domain))
! domain))
! "$") host))
(t
nil))))
next reply other threads:[~2007-04-01 0:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-01 0:30 Diane Murray [this message]
2007-04-01 7:44 ` url-cookie.el: Deal with wildcard dots in domain values Andreas Schwab
2007-04-02 23:23 ` Davis Herring
2007-04-01 15:39 ` Chong Yidong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877isxylzc.fsf@x3y2z1.net \
--to=disumu@x3y2z1.net \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).