1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00
Commit Graph

73 Commits

Author SHA1 Message Date
Ian Jackson
9bb3415811 cookies: Properly handle cookie path= equal to request path
The code in cookies.c would arrange that c->path would always contain
a string ending in "/".  This may have been an attempt to make it
easier to do a proper subpath check in is_path_prefix.

Howver, the overall result is wrong in the case
   Set-Cookie: ....;path=/some/thing
and then later
   http://site.example.com/some/thing

c->path gets set to "/some/thing/" which doesn't pass the test in
is_path_prefix.

The precise required algorithm is described in RFC6265 5.1.4.  The
existing code fails to implement the first of the three bulleted
conditions at the end of 5.1.4.

The trailing "/" is actually not so helpful for this.  It is more
convenient to change is_path_prefix to do subpath matching directly:
we change it to insist that the supposed path prefix is a textual
prefix of the request path, *and* that this happens at a path segment
boundary: ie at '/' or end of string.[1]

Accordingly, we no longer add "/" to the cookie path.  When we strip
the final path element we strip the "/" too.  We still insert a "/" if
the path was empty.

[1] It is not 100% clear to me what "path" (URI_PATH) is but I think
it does not include any query parameters.  If I am wrong about that
then '?' should be tolerated too.

CC: Mark Wooding <mdw@distorted.org.uk>
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
2020-05-09 14:33:45 +02:00
Witold Filipczyk
3d96b0d7d7 Revert "Compile with C++."
This reverts commit 4f4df33638.
2019-04-21 12:27:40 +02:00
Witold Filipczyk
4f4df33638 Compile with C++.
Weak points:
- alignof
- js problems

Todo:
- make js work with C++ and mozjs-17
- then mozjs-24
- then mozjs-52
- then mozjs-60
- decrease number of warnings
2019-02-17 20:46:16 +01:00
Witold Filipczyk
6ec3fc3f33 More user friendly method to set expires in cookie dialog. 2018-08-25 22:44:11 +02:00
Witold Filipczyk
9eaf03cf2a Added HttpOnly cookies 2018-08-25 15:28:29 +02:00
Witold Filipczyk
2fc9b0bf5a Better handling of content-disposition (line without semicolon)
This time it was copied from links2.
2016-08-21 22:02:46 +02:00
Witold Filipczyk
ab63ee8f82 Revert "Fix saving files from speccy.pl archives"
This reverts commit 29d85fdb3b.
2016-08-21 18:22:33 +02:00
Witold Filipczyk
29d85fdb3b Fix saving files from speccy.pl archives 2016-05-28 17:58:17 +02:00
Witold Filipczyk
257422f28c Reorganisation of code to make C++ happy 2016-04-20 22:21:31 +02:00
Witold Filipczyk
da15322705 Cast to (const char *) in strrchr calls 2016-04-20 21:03:27 +02:00
Witold Filipczyk
52d6f37c8e Explicit cast to (const char *) for strchr function (C++) 2016-04-20 19:43:37 +02:00
Kalle Olavi Niemitalo
8b00e1ef70 bug 764: Initialize the right member of union option_value
INIT_OPTION used to initialize union option_value at compile time by
casting the default value to LIST_OF(struct option) *, which is the
type of the first member.  On sparc64 and other big-endian systems
where sizeof(int) < sizeof(struct list_head *), this tended to leave
option->value.number as zero, thus messing up OPT_INT and OPT_BOOL
at least.  OPT_LONG however tended to work right.

This would be easy to fix with C99 designated initializers,
but doc/hacking.txt says ELinks must be kept C89 compatible.
Another solution would be to make register_options() read the
value from option->value.tree (the first member), cast it back
to the right type, and write it to the appropriate member;
but that would still require somewhat dubious conversions
between integers, data pointers, and function pointers.

So here's a rather more invasive solution.  Add struct option_init,
which is somewhat similar to struct option but has non-overlapping
members for different types of values, to ensure nothing is lost
in compile-time conversions.  Move unsigned char *path from struct
option_info to struct option_init, and replace struct option_info
with a union that contains struct option_init and struct option.
Now, this union can be initialized with no portability problems,
and register_options() then moves the values from struct option_init
to their final places in struct option.

In my x86 ELinks build with plenty of options configured in, this
change bloated the text section by 340 bytes but compressed the data
section by 2784 bytes, presumably because union option_info is a
pointer smaller than struct option_info was.
(cherry picked from elinks-0.12 commit e5f6592ee2)

Conflicts:
	src/protocol/fsp/fsp.c: All options had been removed in 0.13.GIT.
	src/protocol/smb/smb2.c: Ditto.
2012-11-03 22:16:32 +02:00
Kalle Olavi Niemitalo
1bb71f3732 Merge branch 'elinks-0.12' into elinks-0.13
Conflicts:
	src/config/conf.c
	src/network/ssl/ssl.c
2009-03-12 08:46:02 +02:00
Kalle Olavi Niemitalo
5a43c55c9e Rewrap lines in option documentation.
Documentation strings of most options used to contain a "\n" at the
end of each source line.  When the option manager displayed these
strings, it treated each "\n" as a hard newline.  On 80x24 terminals
however, the option description window has only 60 columes available
for the text (with the default setup.h), and the hard newlines were
further apart, so the option manager wrapped the text a second time,
resulting in rather ugly output where long lones are interleaved with
short ones.  This could also cause the text to take up too much
vertical space and not fit in the window.

Replace most of those hard newlines with spaces so that the option
manager (or perhaps BFU) will take care of the wrapping.  At the same
time, rewrap the strings in source code so that the source lines are
at most 79 columns wide.

In some options though, there is a list of possible values and their
meanings.  In those lists, if the description of one value does not
fit in one line, then continuation lines should be indented.  The
option manager and BFU are not currently able to do that.  So, keep
the hard newlines in those lists, but rewrap them to 60 columns so
that they are less likely to require further wrapping at runtime.
2009-03-08 15:18:10 +02:00
Kalle Olavi Niemitalo
5c2fada371 Merge branch 'elinks-0.12' into elinks-0.13
Conflicts:
	src/session/download.c
2008-11-01 22:39:17 +02:00
M. Vefa Bicakci
96b3093519 Patch 2: Modifications to the remaining parts of ELinks
[Forward ported to 0.12 from bug 1004 attachment 499.  --KON]
2008-11-01 22:20:25 +02:00
Miciah Dashiel Butler Masters
3a0286e447 Strings corrections from Malcolm Parsons
Fix the spelling and grammar in various comments, variable names, comment
descriptions, and documentation.
2008-01-27 04:19:23 +00:00
Miciah Dashiel Butler Masters
643a34e6af Strings corrections from Malcolm Parsons
Fix the spelling and grammar in various comments, variable names, comment
descriptions, and documentation.
2008-01-27 04:09:18 +00:00
Laurent MONIN
f5c3ba2e99 Add cookies file format description to cookies.h.
This clear description was provided by Witek on IRC.
2007-10-18 09:26:43 +02:00
Laurent MONIN
8f02417036 Insert a new line after variable declaration. 2007-10-15 12:59:41 +02:00
Miciah Dashiel Butler Masters
a46379a931 Move is_in_domain from cookies/cookies.c to protocol/uri.c and export 2007-09-14 16:51:04 +02:00
Laurent MONIN
f0e66866f5 Trim trailing whitespaces. 2007-09-14 15:12:32 +02:00
Miciah Dashiel Butler Masters
9a5f76dbd5 Move is_in_domain from cookies/cookies.c to protocol/uri.c and export 2007-08-29 13:33:19 +00:00
Miciah Dashiel Butler Masters
ea372bd0cd get_opt_*: Add ses parameter
Add a session parameter to get_opt_ and its wrappers in preparation for session-specific and domain-specific options.
2007-08-28 17:24:59 +00:00
Kalle Olavi Niemitalo
2437d35904 Merge commit 'pasky.or.cz/elinks-0.12' into elinks-0.13
There were conflicts in src/document/css/ because 0.12.GIT switched
to LIST_OF(struct css_selector) and 0.13.GIT switched to struct
css_selector_set.  Resolved by using LIST_OF(struct css_selector)
inside struct css_selector_set.
2007-07-28 03:22:29 +03:00
Kalle Olavi Niemitalo
96176a8c77 Declare element types of lists. 2007-07-26 22:47:23 +03:00
Laurent MONIN
0b98c5051b Fix trailing whitespaces 2007-04-26 15:02:04 +02:00
Kalle Olavi Niemitalo
7645a836fc Cast the NULL argument of straconcat to unsigned char *.
straconcat reads the args with va_arg(ap, const unsigned char *),
and the NULL macro may have the wrong type (e.g. int).

Many places pass string literals of type char * to straconcat.  This
is in principle also a violation, but I'm ignoring it for now because
if it becomes a problem with some C implementation, then so will the
use of unsigned char * with printf "%s", which is so widespread in
ELinks that I'm not going to try fixing it now.
2007-03-11 12:59:11 +02:00
Kalle Olavi Niemitalo
a05f7203cd Cast variadic arguments of getml to void *.
getml reads the args with va_arg(ap, void *), and the NULL macro in
particular may have the wrong type.
2007-03-11 12:41:17 +02:00
Kalle Olavi Niemitalo
2b7788614f Type-check button arguments of msg_box.
Don't cast function pointers; calling functions via pointers of
incorrect types is not guaranteed to work.  Instead, define the
functions with the desired types, and make them cast the incoming
parameters.  Or define wrapper functions if the return types don't
match.

really_exit_prog wasn't being used outside src/dialogs/menu.c,
and I had to change its parameter type, so it's now static.
2007-03-10 23:50:56 +02:00
Kalle Olavi Niemitalo
d7e4b57146 Make instances of struct listbox_ops const. 2007-02-04 15:17:49 +02:00
Kalle Olavi Niemitalo
a5e321cb2b Make instances of struct hierbox_browser_button const.
And explicitly disable the "Save" buttons in anonymous mode,
even though they are currently inside #if 0.
2007-02-04 13:54:07 +02:00
Kalle Olavi Niemitalo
01fdf6c4d3 Bug 923: Added comments about potential time_t truncation.
And removed Miciah's portability question; MSVC++2005 already
has a time_t longer than long, so assuming that time_t is long
is surely not portable.
2007-01-13 15:26:21 +02:00
Kalle Olavi Niemitalo
f0dfd0504f Route time_t-to-string conversions via time_print_T and TIME_PRINT_FORMAT.
The previous code just printed time_t directly with "%ld".  Now it
instead first casts to time_print_T (currently long) and then formats
with TIME_PRINT_FORMAT (currently "ld").  So the varargs will now
always match with the format string, even if time_t is longer than
long.  This still doesn't correctly format time_t values larger than
LONG_MAX, though.  But now it is at least easier to find some of the
places that need to be changed to support that.

I located these time_t-to-string conversions by searching for
str_to_time_t, expires, and last_visit.  There are still more places
that assume every interesting time_t value fits either in 32 bits or
in a long, e.g. in the cookie editor and in the ECMAScript interface.

Inspired by bug 6.
2007-01-12 23:47:45 +02:00
Kalle Olavi Niemitalo
a46afea662 Bug 887: Fix the CONFIG_SMALL version of CANNOT_SAVE_COOKIES.
It had fewer parameters than the !CONFIG_SMALL version does, and this
caused compilation to fail.
2006-12-10 17:14:49 +02:00
Kalle Olavi Niemitalo
e815e07179 Bug 887: save_cookies reports errors if requested by the user. 2006-12-09 18:27:40 +02:00
Kalle Olavi Niemitalo
7551be3194 Bug 887: save_cookies ignores cookies_dirty if requested by the user. 2006-12-09 18:23:41 +02:00
Kalle Olavi Niemitalo
3cd0fbe5f0 Bug 886: Set cookies_dirty if a cookie is edited via the manager.
If the appropriate option is set, this now causes the cookies to be
immediately saved as well.
2006-12-09 16:41:53 +02:00
Kalle Olavi Niemitalo
fad9c75cc6 Bug 886: Update cookies_dirty after delete_cookie calls as appropriate. 2006-12-09 16:41:28 +02:00
Kalle Olavi Niemitalo
b79210ea1b Bug 886: Postpone resaving the cookies until a bottom half. 2006-12-09 16:40:04 +02:00
Kalle Olavi Niemitalo
8ecf105cd5 Bug 886: Document why delete_cookie does not set cookies_dirty. 2006-12-09 15:03:08 +02:00
Kalle Olavi Niemitalo
469ab151cd Document the c_domains and cookie_servers lists. 2006-12-09 14:31:58 +02:00
Kalle Olavi Niemitalo
ab23505519 cookies: New function init_cookie has a monopoly.
All cookies are now constructed with the new function init_cookie.
Requested by Miciah Dashiel Butler Masters.

This also fixes a bug where the "Add cookie" button left cookie->path == NULL,
causing a crash later when deciding whether to send the cookie to the server.
2006-06-05 20:22:55 +00:00
Kalle Olavi Niemitalo
e8233fa06a cookies: Use strrchr instead of ad-hoc loop.
The size and speed of the object code probably don't change much,
but the source becomes easier to read.
2006-06-05 20:22:54 +00:00
Kalle Olavi Niemitalo
3e32131469 cookies: A feeble attempt to support 16-bit int.
There are probably other places where it doesn't work, but this one
caught my eye.
2006-06-05 20:22:54 +00:00
Kalle Olavi Niemitalo
23a9a17827 cookies: Check return values of parse_header_param.
Mostly this makes set_cookie more complex, as it now distinguishes
between HEADER_PARAM_NOT_FOUND and HEADER_PARAM_OUT_OF_MEMORY, and kills the cookie in the
latter case.  However, the cookie->secure check became simpler.
2006-06-05 20:22:54 +00:00
Kalle Olavi Niemitalo
819b6fab80 parse_header_param stores the string via a pointer parameter.
Its return value is now an enum that lets callers know whether an
error occurred.  However, this commit changes the callers only
minimally, so they do not yet check the return value.
2006-06-05 20:22:53 +00:00
Kalle Olavi Niemitalo
2c0edf6c44 cookies: Reject empty name in "Add server".
Also, add the server in the done_handler_T of the "OK" button,
rather than in the widget_handler_T of the "Server name" field
(which check_dialog calls).  This change implies that the dialog
is closed even if an error occurs while adding the server, but
that seems to be customary elsewhere in ELinks too.
2006-06-02 19:08:09 +00:00
Kalle Olavi Niemitalo
96391c17b4 cookies: "Add Server" ignores "cookies.accept_policy".
src/cookies/dialogs.c (set_server): Set up a struct cookie and pass it
to accept_cookie, instead of calling set_cookie which might ask the user
to confirm.  (This change also removes a dubious use of struct uri.)

src/cookies/cookies.c (get_cookie_server): No longer static.

src/cookies/cookies.h (get_cookie_server): Declare.
2006-06-02 19:08:09 +00:00
Kalle Olavi Niemitalo
d10a489a14 BFU: Mark format strings in struct listbox_ops_messages.
With regular comments in the definition of the structure itself,
and with xgettext:c-format comments in constants of that type,
if xgettext would otherwise guess wrong; so that translators
will know they'll have to double any percent signs they add.
I didn't regenerate PO files, though.
2006-06-02 19:08:09 +00:00