* url-cookie.el: Deal with wildcard dots in domain values.
@ 2007-04-01 0:30 Diane Murray
2007-04-01 7:44 ` Andreas Schwab
2007-04-01 15:39 ` Chong Yidong
0 siblings, 2 replies; 4+ messages in thread
From: Diane Murray @ 2007-04-01 0:30 UTC (permalink / raw)
To: emacs-devel
Wildcard domain values in cookies are not parsed correctly. For
example, "domain=.gnu.org" (note the dot in front) in a cookie means
to use this cookie with all subdomains of gnu.org as well. Since it
seems url-cookie.el already handles domains this way, it should also
deal with those dots. As things work now, all such cookies are
rejected - even when the user wishes to set cookies for that domain.
The following patch fixes this.
2007-04-01 Diane Murray <disumu@x3y2z1.net>
* url-cookie.el (url-cookie-retrieve, url-cookie-host-can-set-p):
Deal with wildcard dots in domain values.
*** url-cookie.el 24 Jan 2007 13:01:25 +0100 1.20
--- url-cookie.el 01 Apr 2007 02:17:06 +0200
***************
*** 272,278 ****
storage (cdr storage)
cookies (cdr cur))
(if (and (car cur)
! (string-match (concat "^.*" (regexp-quote (car cur)) "$") host))
;; The domains match - a possible hit!
(while cookies
(setq cur (car cookies)
--- 272,286 ----
storage (cdr storage)
cookies (cdr cur))
(if (and (car cur)
! (string-match
! (concat "^.*"
! (regexp-quote
! ;; Remove the dot from wildcard domains
! ;; before matching.
! (if (string= "." (substring (car cur) 0 1))
! (substring (car cur) 1 (length (car cur)))
! (car cur)))
! "$") host))
;; The domains match - a possible hit!
(while cookies
(setq cur (car cookies)
***************
*** 344,350 ****
((>= numdots mindots) ; We have enough dots in domain name
;; Need to check and make sure the host is actually _in_ the
;; domain it wants to set a cookie for though.
! (string-match (concat (regexp-quote domain) "$") host))
(t
nil))))
--- 352,364 ----
((>= numdots mindots) ; We have enough dots in domain name
;; Need to check and make sure the host is actually _in_ the
;; domain it wants to set a cookie for though.
! (string-match (concat (regexp-quote
! ;; Remove the dot from wildcard domains
! ;; before matching.
! (if (string= "." (substring domain 0 1))
! (substring domain 1 (length domain))
! domain))
! "$") host))
(t
nil))))
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: url-cookie.el: Deal with wildcard dots in domain values.
2007-04-01 0:30 url-cookie.el: Deal with wildcard dots in domain values Diane Murray
@ 2007-04-01 7:44 ` Andreas Schwab
2007-04-02 23:23 ` Davis Herring
2007-04-01 15:39 ` Chong Yidong
1 sibling, 1 reply; 4+ messages in thread
From: Andreas Schwab @ 2007-04-01 7:44 UTC (permalink / raw)
To: Diane Murray; +Cc: emacs-devel
Diane Murray <disumu@x3y2z1.net> writes:
> ! (if (string= "." (substring (car cur) 0 1))
> ! (substring (car cur) 1 (length (car cur)))
> ! (car cur)))
This can be written shorter:
(if (eq ?. (aref (car cur) 0))
(substring (car cur) 1)
(car cur)))
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: url-cookie.el: Deal with wildcard dots in domain values.
2007-04-01 7:44 ` Andreas Schwab
@ 2007-04-02 23:23 ` Davis Herring
0 siblings, 0 replies; 4+ messages in thread
From: Davis Herring @ 2007-04-02 23:23 UTC (permalink / raw)
To: Andreas Schwab; +Cc: Diane Murray, emacs-devel
> This can be written shorter:
>
> (if (eq ?. (aref (car cur) 0))
> (substring (car cur) 1)
> (car cur)))
Oh yeah?
(substring (car cur) (if (eq ?. (aref (car cur) 0)) 1 0))
Not that I actually recommend copying every cookie's domain name...
Davis
--
This product is sold by volume, not by mass. If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: url-cookie.el: Deal with wildcard dots in domain values.
2007-04-01 0:30 url-cookie.el: Deal with wildcard dots in domain values Diane Murray
2007-04-01 7:44 ` Andreas Schwab
@ 2007-04-01 15:39 ` Chong Yidong
1 sibling, 0 replies; 4+ messages in thread
From: Chong Yidong @ 2007-04-01 15:39 UTC (permalink / raw)
To: Diane Murray; +Cc: emacs-devel
Diane Murray <disumu@x3y2z1.net> writes:
> Wildcard domain values in cookies are not parsed correctly. For
> example, "domain=.gnu.org" (note the dot in front) in a cookie means
> to use this cookie with all subdomains of gnu.org as well. Since it
> seems url-cookie.el already handles domains this way, it should also
> deal with those dots. As things work now, all such cookies are
> rejected - even when the user wishes to set cookies for that domain.
> The following patch fixes this.
Thanks, I've checked it in.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-04-02 23:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-04-01 0:30 url-cookie.el: Deal with wildcard dots in domain values Diane Murray
2007-04-01 7:44 ` Andreas Schwab
2007-04-02 23:23 ` Davis Herring
2007-04-01 15:39 ` Chong Yidong
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.