mirror of
https://github.com/rkd77/elinks.git
synced 2024-06-27 01:25:34 +00:00
9bb3415811
The code in cookies.c would arrange that c->path would always contain a string ending in "/". This may have been an attempt to make it easier to do a proper subpath check in is_path_prefix. Howver, the overall result is wrong in the case Set-Cookie: ....;path=/some/thing and then later http://site.example.com/some/thing c->path gets set to "/some/thing/" which doesn't pass the test in is_path_prefix. The precise required algorithm is described in RFC6265 5.1.4. The existing code fails to implement the first of the three bulleted conditions at the end of 5.1.4. The trailing "/" is actually not so helpful for this. It is more convenient to change is_path_prefix to do subpath matching directly: we change it to insist that the supposed path prefix is a textual prefix of the request path, *and* that this happens at a path segment boundary: ie at '/' or end of string.[1] Accordingly, we no longer add "/" to the cookie path. When we strip the final path element we strip the "/" too. We still insert a "/" if the path was empty. [1] It is not 100% clear to me what "path" (URI_PATH) is but I think it does not include any query parameters. If I am wrong about that then '?' should be tolerated too. CC: Mark Wooding <mdw@distorted.org.uk> Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> |
||
|---|---|---|
| config | ||
| contrib | ||
| doc | ||
| po | ||
| src | ||
| test | ||
| Unicode | ||
| .gitignore | ||
| .mailmap | ||
| ABOUT-NLS | ||
| AUTHORS | ||
| autogen.sh | ||
| BUGS | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| features.conf | ||
| GOALS | ||
| INSTALL | ||
| Makefile | ||
| Makefile.config.in | ||
| Makefile.lib | ||
| NEWS | ||
| README | ||
| README.md | ||
| SITES | ||
| THANKS | ||
| TODO | ||
felinks
Fork of elinks