mirrors/netsurf
1
0
Fork 0
mirror of https://github.com/netsurf-browser/netsurf synced 2024-12-22 12:12:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Work on cookies to bring our behaviour closer to the spec and other browsers:

Browse Source 
+ Improve handling of quoted cookies -- now processes nested quotes correctly
  + Improve cookie output -- now knows which version it's outputting for and 
    processes things appropriately
  + Add assertion that we're dealing with a domain cookie in the case where the
    cookie domain and URL host part don't match during validation.
  + Tidy up fix for broken domain cookie setting -- it's now less confusing to 
    read.
  + Preserve cookie value quoting, regardless of its necessity.
  + Modify Cookie file format to save value_was_quoted flag -- version number 
    bumped to 101.
  + Add more testcases.

svn path=/trunk/netsurf/; revision=3708
This commit is contained in:
John Mark Bell 2008-01-17 20:00:55 +00:00
parent 2fa8e656a1
commit e5e2eb09f6
2 changed files with 315 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

411
content/urldb.c
View File

@ -111,6 +111,7 @@
struct cookie_internal_data { struct cookie_internal_data {
char *name; /**< Cookie name */ char *name; /**< Cookie name */
char *value; /**< Cookie value */ char *value; /**< Cookie value */
bool value_was_quoted; /**< Value was quoted in Set-Cookie: */
char *comment; /**< Cookie comment */ char *comment; /**< Cookie comment */
bool domain_from_set; /**< Domain came from Set-Cookie: header */ bool domain_from_set; /**< Domain came from Set-Cookie: header */
char *domain; /**< Domain */ char *domain; /**< Domain */
@ -269,14 +270,17 @@ static int urldb_search_match_prefix(const struct host_part *a,
/* Cookies */ /* Cookies */
static struct cookie_internal_data *urldb_parse_cookie(const char *url, static struct cookie_internal_data *urldb_parse_cookie(const char *url,
const char **cookie); const char **cookie);
static bool urldb_parse_avpair(struct cookie_internal_data *c, char *n, char *v); static bool urldb_parse_avpair(struct cookie_internal_data *c, char *n,
static bool urldb_insert_cookie(struct cookie_internal_data *c, const char *scheme, char *v, bool was_quoted);
const char *url); static bool urldb_insert_cookie(struct cookie_internal_data *c,
const char *scheme, const char *url);
static void urldb_free_cookie(struct cookie_internal_data *c); static void urldb_free_cookie(struct cookie_internal_data *c);
static bool urldb_concat_cookie(struct cookie_internal_data *c, int *used, static bool urldb_concat_cookie(struct cookie_internal_data *c, int version,
int *alloc, char **buf); int *used, int *alloc, char **buf);
static void urldb_delete_cookie_hosts(const char *domain, const char *path, const char *name, struct host_part *parent); static void urldb_delete_cookie_hosts(const char *domain, const char *path,
static void urldb_delete_cookie_paths(const char *domain, const char *path, const char *name, struct path_data *parent); const char *name, struct host_part *parent);
static void urldb_delete_cookie_paths(const char *domain, const char *path,
const char *name, struct path_data *parent);
static void urldb_save_cookie_hosts(FILE *fp, struct host_part *parent); static void urldb_save_cookie_hosts(FILE *fp, struct host_part *parent);
static void urldb_save_cookie_paths(FILE *fp, struct path_data *parent); static void urldb_save_cookie_paths(FILE *fp, struct path_data *parent);
@ -296,7 +300,7 @@ static struct search_node *search_trees[NUM_SEARCH_TREES] = {
&empty, &empty, &empty, &empty &empty, &empty, &empty, &empty
}; };
#define COOKIE_FILE_VERSION 100 #define COOKIE_FILE_VERSION 101
#define URL_FILE_VERSION 106 #define URL_FILE_VERSION 106
/** /**
@ -2364,6 +2368,8 @@ char *urldb_get_cookie(const char *url)
const struct host_part *h; const struct host_part *h;
struct cookie_internal_data *c; struct cookie_internal_data *c;
int count = 0, version = COOKIE_RFC2965; int count = 0, version = COOKIE_RFC2965;
struct cookie_internal_data **matched_cookies;
int matched_cookies_size = 20;
int ret_alloc = 4096, ret_used = 1; int ret_alloc = 4096, ret_used = 1;
char *path; char *path;
char *ret; char *ret;
@ -2383,15 +2389,43 @@ char *urldb_get_cookie(const char *url)
scheme = p->scheme; scheme = p->scheme;
ret = malloc(ret_alloc); matched_cookies = malloc(matched_cookies_size *
if (!ret) sizeof(struct cookie_internal_data *));
if (!matched_cookies)
return NULL; return NULL;
#define GROW_MATCHED_COOKIES \
do { \
if (count == matched_cookies_size) { \
struct cookie_internal_data **temp; \
temp = realloc(matched_cookies, \
(matched_cookies_size + 20) * \
sizeof(struct cookie_internal_data *)); \
\
if (temp == NULL) { \
free(path); \
free(ret); \
free(matched_cookies); \
return NULL; \
} \
\
matched_cookies = temp; \
matched_cookies_size += 20; \
} \
} while(0)
ret = malloc(ret_alloc);
if (!ret) {
free(matched_cookies);
return NULL;
}
ret[0] = '\0'; ret[0] = '\0';
res = url_path(url, &path); res = url_path(url, &path);
if (res != URL_FUNC_OK) { if (res != URL_FUNC_OK) {
free(ret); free(ret);
free(matched_cookies);
return NULL; return NULL;
} }
@ -2417,20 +2451,16 @@ char *urldb_get_cookie(const char *url)
* ignore */ * ignore */
continue; continue;
if (!urldb_concat_cookie(c, &ret_used, matched_cookies[count++] = c;
&ret_alloc, &ret)) {
free(path); GROW_MATCHED_COOKIES;
free(ret);
return NULL;
}
if (c->version < (unsigned int)version) if (c->version < (unsigned int)version)
version = c->version; version = c->version;
c->last_used = now; c->last_used = now;
cookies_update(c->domain, (struct cookie_data *)c); cookies_update(c->domain,
(struct cookie_data *)c);
count++;
} }
} }
} }
@ -2457,12 +2487,9 @@ char *urldb_get_cookie(const char *url)
* => ignore */ * => ignore */
continue; continue;
if (!urldb_concat_cookie(c, &ret_used, matched_cookies[count++] = c;
&ret_alloc, &ret)) {
free(path); GROW_MATCHED_COOKIES;
free(ret);
return NULL;
}
if (c->version < (unsigned int) version) if (c->version < (unsigned int) version)
version = c->version; version = c->version;
@ -2470,7 +2497,6 @@ char *urldb_get_cookie(const char *url)
c->last_used = now; c->last_used = now;
cookies_update(c->domain, cookies_update(c->domain,
(struct cookie_data *)c); (struct cookie_data *)c);
count++;
} }
} }
@ -2502,19 +2528,15 @@ char *urldb_get_cookie(const char *url)
* => ignore */ * => ignore */
continue; continue;
if (!urldb_concat_cookie(c, &ret_used, matched_cookies[count++] = c;
&ret_alloc, &ret)) {
free(path); GROW_MATCHED_COOKIES;
free(ret);
return NULL;
}
if (c->version < (unsigned int) version) if (c->version < (unsigned int) version)
version = c->version; version = c->version;
c->last_used = now; c->last_used = now;
cookies_update(c->domain, (struct cookie_data *)c); cookies_update(c->domain, (struct cookie_data *)c);
count++;
} }
} }
@ -2538,20 +2560,15 @@ char *urldb_get_cookie(const char *url)
/* secure cookie for insecure host. ignore */ /* secure cookie for insecure host. ignore */
continue; continue;
if (!urldb_concat_cookie(c, &ret_used, &ret_alloc, matched_cookies[count++] = c;
&ret)) {
free(path); GROW_MATCHED_COOKIES;
free(ret);
return NULL;
}
if (c->version < (unsigned int)version) if (c->version < (unsigned int)version)
version = c->version; version = c->version;
c->last_used = now; c->last_used = now;
cookies_update(c->domain, (struct cookie_data *)c); cookies_update(c->domain, (struct cookie_data *)c);
count++;
} }
} }
@ -2561,35 +2578,51 @@ char *urldb_get_cookie(const char *url)
/* No cookies found */ /* No cookies found */
free(path); free(path);
free(ret); free(ret);
free(matched_cookies);
return NULL; return NULL;
} }
/* and build output string */ /* and build output string */
if (version > COOKIE_NETSCAPE) {
sprintf(ret, "$Version=%d", version);
ret_used = strlen(ret) + 1;
}
for (int i = 0; i < count; i++) {
if (!urldb_concat_cookie(matched_cookies[i], version,
&ret_used, &ret_alloc, &ret)) {
free(path);
free(ret);
free(matched_cookies);
return NULL;
}
}
if (version == COOKIE_NETSCAPE) {
/* Old-style cookies => no version & skip "; " */
memmove(ret, ret + 2, ret_used - 2);
ret_used -= 2;
}
/* Now, shrink the output buffer to the required size */
{ {
char *temp; char *temp = realloc(ret, ret_used);
if (version > 0)
temp = malloc(12 + ret_used);
else
temp = malloc(ret_used);
if (!temp) { if (!temp) {
free(path); free(path);
free(ret); free(ret);
free(matched_cookies);
return NULL; return NULL;
} }
if (version > 0)
sprintf(temp, "$Version=%d%s", version, ret);
else {
/* Old-style cookies => no version & skip "; " */
sprintf(temp, "%s", ret + 2);
}
free(path);
free(ret);
ret = temp; ret = temp;
} }
free(path);
free(matched_cookies);
return ret; return ret;
#undef GROW_MATCHED_COOKIES
} }
/** /**
@ -2726,6 +2759,20 @@ bool urldb_set_cookie(const char *header, const char *url,
int hlen, dlen; int hlen, dlen;
char *domain = c->domain; char *domain = c->domain;
/* c->domain must be a domain cookie here because:
* c->domain is either:
* + specified in the header as a domain cookie
* (non-domain cookies in the header are ignored
* by urldb_parse_cookie / urldb_parse_avpair)
* + defaulted to the URL's host part
* (by urldb_parse_cookie if no valid domain was
* specified in the header)
*
* The latter will pass the strcasecmp above, which
* leaves the former (i.e. a domain cookie)
*/
assert(c->domain[0] == '.');
/* 4.3.2:iii */ /* 4.3.2:iii */
if (url_host_is_ip_address(host)) { if (url_host_is_ip_address(host)) {
/* IP address, so no partial match */ /* IP address, so no partial match */
@ -2754,7 +2801,9 @@ bool urldb_set_cookie(const char *header, const char *url,
goto error; goto error;
} }
/* If you believe the spec, H should contain no /* 4.3.2:iv Ensure H contains no dots
*
* If you believe the spec, H should contain no
* dots in _any_ cookie. Unfortunately, however, * dots in _any_ cookie. Unfortunately, however,
* reality differs in that many sites send domain * reality differs in that many sites send domain
* cookies of the form .foo.com from hosts such * cookies of the form .foo.com from hosts such
@ -2763,18 +2812,16 @@ bool urldb_set_cookie(const char *header, const char *url,
* expect, regardless of any potential security * expect, regardless of any potential security
* implications. * implications.
* *
* Ensure that we're dealing with a domain cookie * This is what code conforming to the spec would
* here for extra paranoia. * look like:
*
* for (int i = 0; i < (hlen - dlen); i++) {
* if (host[i] == '.') {
* urldb_free_cookie(c);
* goto error;
* }
* }
*/ */
if (c->domain[0] != '.') {
/* 4.3.2:iv Ensure H contains no dots */
for (int i = 0; i < (hlen - dlen); i++) {
if (host[i] == '.') {
urldb_free_cookie(c);
goto error;
}
}
}
} }
/* Now insert into database */ /* Now insert into database */
@ -2815,6 +2862,7 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
char *n = name, *v = value; char *n = name, *v = value;
bool had_equals = false; bool had_equals = false;
bool quoted = false; bool quoted = false;
bool was_quoted = false;
url_func_result res; url_func_result res;
assert(url && cookie && *cookie); assert(url && cookie && *cookie);
@ -2831,8 +2879,12 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
for (cur = *cookie; *cur && *cur != '\r' && *cur != '\n'; cur++) { for (cur = *cookie; *cur && *cur != '\r' && *cur != '\n'; cur++) {
if (had_equals && (*cur == '"' || *cur == '\'')) { if (had_equals && (*cur == '"' || *cur == '\'')) {
/* Only values may be quoted */ /* Only values may be quoted */
quoted = !quoted; if (cur == *cookie || *(cur - 1) != '\\') {
continue; /* Only unescaped quotes count */
was_quoted = quoted;
quoted = !quoted;
continue;
}
} }
if (!quoted && !had_equals && *cur == '=') { if (!quoted && !had_equals && *cur == '=') {
@ -2848,7 +2900,7 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
*n = '\0'; *n = '\0';
*v = '\0'; *v = '\0';
if (!urldb_parse_avpair(c, name, value)) { if (!urldb_parse_avpair(c, name, value, was_quoted)) {
/* Memory exhausted */ /* Memory exhausted */
urldb_free_cookie(c); urldb_free_cookie(c);
return NULL; return NULL;
@ -2858,6 +2910,7 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
n = name; n = name;
v = value; v = value;
had_equals = false; had_equals = false;
was_quoted = false;
continue; continue;
} }
@ -2877,8 +2930,8 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
* immediately following semicolon (or end of input if none * immediately following semicolon (or end of input if none
* found). Then, consider the input characters between * found). Then, consider the input characters between
* these two positions. If any of these characters is an * these two positions. If any of these characters is an
* '=', we must assume that the comma signified the end of * '=', we must assume that the comma signified the end of
* the current cookie. * the current cookie.
* *
* This holds as the first avpair of any cookie must be * This holds as the first avpair of any cookie must be
* NAME=VALUE, so the '=' is guaranteed to appear in the * NAME=VALUE, so the '=' is guaranteed to appear in the
@ -2913,6 +2966,7 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
} }
/* Accumulate into buffers, always leaving space for a NUL */ /* Accumulate into buffers, always leaving space for a NUL */
/** \todo is silently truncating overlong names/values wise? */
if (!had_equals) { if (!had_equals) {
if (n < name + 1023) if (n < name + 1023)
*n++ = *cur; *n++ = *cur;
@ -2926,7 +2980,7 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
*n = '\0'; *n = '\0';
*v = '\0'; *v = '\0';
if (!urldb_parse_avpair(c, name, value)) { if (!urldb_parse_avpair(c, name, value, was_quoted)) {
/* Memory exhausted */ /* Memory exhausted */
urldb_free_cookie(c); urldb_free_cookie(c);
return NULL; return NULL;
@ -2984,9 +3038,11 @@ struct cookie_internal_data *urldb_parse_cookie(const char *url,
* \param c Cookie struct to populate * \param c Cookie struct to populate
* \param n Name component * \param n Name component
* \param v Value component * \param v Value component
* \param was_quoted Whether ::v was quoted in the input
* \return true on success, false on memory exhaustion * \return true on success, false on memory exhaustion
*/ */
bool urldb_parse_avpair(struct cookie_internal_data *c, char *n, char *v) bool urldb_parse_avpair(struct cookie_internal_data *c, char *n, char *v,
bool was_quoted)
{ {
int vlen; int vlen;
@ -3073,6 +3129,7 @@ bool urldb_parse_avpair(struct cookie_internal_data *c, char *n, char *v)
} else if (!c->name) { } else if (!c->name) {
c->name = strdup(n); c->name = strdup(n);
c->value = strdup(v); c->value = strdup(v);
c->value_was_quoted = was_quoted;
if (!c->name || !c->value) if (!c->name || !c->value)
return false; return false;
} }
@ -3197,25 +3254,83 @@ void urldb_free_cookie(struct cookie_internal_data *c)
* Concatenate a cookie into the provided buffer * Concatenate a cookie into the provided buffer
* *
* \param c Cookie to concatenate * \param c Cookie to concatenate
* \param version The version of the cookie string to output
* \param used Pointer to amount of buffer used (updated) * \param used Pointer to amount of buffer used (updated)
* \param alloc Pointer to allocated size of buffer (updated) * \param alloc Pointer to allocated size of buffer (updated)
* \param buf Pointer to Pointer to buffer (updated) * \param buf Pointer to Pointer to buffer (updated)
* \return true on success, false on memory exhaustion * \return true on success, false on memory exhaustion
*/ */
bool urldb_concat_cookie(struct cookie_internal_data *c, int *used, bool urldb_concat_cookie(struct cookie_internal_data *c, int version,
int *alloc, char **buf) int *used, int *alloc, char **buf)
{ {
int clen; /* Combined (A)BNF for the Cookie: request header:
*
* CHAR = <any US-ASCII character (octets 0 - 127)>
* CTL = <any US-ASCII control character
* (octets 0 - 31) and DEL (127)>
* CR = <US-ASCII CR, carriage return (13)>
* LF = <US-ASCII LF, linefeed (10)>
* SP = <US-ASCII SP, space (32)>
* HT = <US-ASCII HT, horizontal-tab (9)>
* <"> = <US-ASCII double-quote mark (34)>
*
* CRLF = CR LF
*
* LWS = [CRLF] 1*( SP | HT )
*
* TEXT = <any OCTET except CTLs,
* but including LWS>
*
* token = 1*<any CHAR except CTLs or separators>
* separators = "(" | ")" | "<" | ">" | "@"
* | "," | ";" | ":" | "\" | <">
* | "/" | "[" | "]" | "?" | "="
* | "{" | "}" | SP | HT
*
* quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
* qdtext = <any TEXT except <">>
* quoted-pair = "\" CHAR
*
* attr = token
* value = word
* word = token | quoted-string
*
* cookie = "Cookie:" cookie-version
* 1*((";" | ",") cookie-value)
* cookie-value = NAME "=" VALUE [";" path] [";" domain]
* cookie-version = "$Version" "=" value
* NAME = attr
* VALUE = value
* path = "$Path" "=" value
* domain = "$Domain" "=" value
*
* A note on quoted-string handling:
* The cookie data stored in the db is verbatim (i.e. sans enclosing
* <">, if any, and with all quoted-pairs intact) thus all that we
* need to do here is ensure that value strings which were quoted
* in Set-Cookie or which include any of the separators are quoted
* before use.
*
* A note on cookie-value separation:
* We use semicolons for all separators, including between
* cookie-values. This simplifies things and is backwards compatible.
*/
const char * const separators = "()<>@,;:\\\"/[]?={} \t";
int max_len;
assert(c && used && alloc && buf && *buf); assert(c && used && alloc && buf && *buf);
clen = 2 + strlen(c->name) + 1 + strlen(c->value) + /* "; " cookie-value
* We allow for the possibility that values are quoted
*/
max_len = 2 + strlen(c->name) + 1 + strlen(c->value) + 2 +
(c->path_from_set ? (c->path_from_set ?
8 + strlen(c->path) : 0) + 8 + strlen(c->path) + 2 : 0) +
(c->domain_from_set ? (c->domain_from_set ?
10 + strlen(c->domain) : 0); 10 + strlen(c->domain) + 2 : 0);
if (*used + clen >= *alloc) { if (*used + max_len >= *alloc) {
char *temp = realloc(*buf, *alloc + 4096); char *temp = realloc(*buf, *alloc + 4096);
if (!temp) { if (!temp) {
return false; return false;
@ -3224,17 +3339,72 @@ bool urldb_concat_cookie(struct cookie_internal_data *c, int *used,
*alloc += 4096; *alloc += 4096;
} }
/** \todo Quote value strings iff version > 0 */ if (version == COOKIE_NETSCAPE) {
sprintf(*buf + *used - 1, "; %s=%s%s%s%s%s", /* Original Netscape cookie */
c->name, c->value, sprintf(*buf + *used - 1, "; %s=", c->name);
(c->path_from_set ? "; $Path=" : "" ), *used += 2 + strlen(c->name) + 1;
(c->path_from_set ? c->path : "" ),
// (c->path_from_set ? "\"" : ""), /* The Netscape spec doesn't mention quoting of cookie values.
(c->domain_from_set ? "; $Domain=" : ""), * RFC 2109 $10.1.3 indicates that values must not be quoted.
(c->domain_from_set ? c->domain : "") *
// ,(c->domain_from_set ? "\"" : "") * However, other browsers preserve quoting, so we should, too
); */
*used += clen; if (c->value_was_quoted) {
sprintf(*buf + *used - 1, "\"%s\"", c->value);
*used += 1 + strlen(c->value) + 1;
} else {
/** \todo should we %XX-encode [;HT,SP] ? */
/** \todo Should we strip escaping backslashes? */
sprintf(*buf + *used - 1, "%s", c->value);
*used += strlen(c->value);
}
/* We don't send path/domain information -- that's what the
* Netscape spec suggests we should do, anyway. */
} else {
/* RFC2109 or RFC2965 cookie */
sprintf(*buf + *used - 1, "; %s=", c->name);
*used += 2 + strlen(c->name) + 1;
/* Value needs quoting if it contains any separator or if
* it needs preserving from the Set-Cookie header */
if (c->value_was_quoted ||
strpbrk(c->value, separators) != NULL) {
sprintf(*buf + *used - 1, "\"%s\"", c->value);
*used += 1 + strlen(c->value) + 1;
} else {
sprintf(*buf + *used - 1, "%s", c->value);
*used += strlen(c->value);
}
if (c->path_from_set) {
/* Path, quoted if necessary */
sprintf(*buf + *used - 1, "; $Path=");
*used += 8;
if (strpbrk(c->path, separators) != NULL) {
sprintf(*buf + *used - 1, "\"%s\"", c->path);
*used += 1 + strlen(c->path) + 1;
} else {
sprintf(*buf + *used - 1, "%s", c->path);
*used += strlen(c->path);
}
}
if (c->domain_from_set) {
/* Domain, quoted if necessary */
sprintf(*buf + *used - 1, "; $Domain=");
*used += 10;
if (strpbrk(c->domain, separators) != NULL) {
sprintf(*buf + *used - 1, "\"%s\"", c->domain);
*used += 1 + strlen(c->domain) + 1;
} else {
sprintf(*buf + *used - 1, "%s", c->domain);
*used += strlen(c->domain);
}
}
}
return true; return true;
} }
@ -3280,7 +3450,7 @@ void urldb_load_cookies(const char *filename)
*domain, *path, *name, *value, *scheme, *url, *domain, *path, *name, *value, *scheme, *url,
*comment; *comment;
int version, domain_specified, path_specified, int version, domain_specified, path_specified,
secure, no_destroy; secure, no_destroy, value_quoted;
time_t expires, last_used; time_t expires, last_used;
if(s[0] == 0 || s[0] == '#') if(s[0] == 0 || s[0] == '#')
@ -3296,7 +3466,8 @@ void urldb_load_cookies(const char *filename)
if (strncasecmp(s, "Version:", 8) == 0) { if (strncasecmp(s, "Version:", 8) == 0) {
FIND_T; SKIP_T; file_version = atoi(p); FIND_T; SKIP_T; file_version = atoi(p);
if (file_version != COOKIE_FILE_VERSION) { if (file_version < 100 &&
file_version > COOKIE_FILE_VERSION) {
LOG(("Unknown Cookie file version")); LOG(("Unknown Cookie file version"));
break; break;
} }
@ -3321,6 +3492,11 @@ void urldb_load_cookies(const char *filename)
SKIP_T; no_destroy = atoi(p); FIND_T; SKIP_T; no_destroy = atoi(p); FIND_T;
SKIP_T; name = p; FIND_T; SKIP_T; name = p; FIND_T;
SKIP_T; value = p; FIND_T; SKIP_T; value = p; FIND_T;
if (file_version > 100) {
SKIP_T; value_quoted = atoi(p); FIND_T;
} else {
value_quoted = 0;
}
SKIP_T; scheme = p; FIND_T; SKIP_T; scheme = p; FIND_T;
SKIP_T; url = p; FIND_T; SKIP_T; url = p; FIND_T;
@ -3340,6 +3516,7 @@ void urldb_load_cookies(const char *filename)
c->name = strdup(name); c->name = strdup(name);
c->value = strdup(value); c->value = strdup(value);
c->value_was_quoted = value_quoted;
c->comment = strdup(comment); c->comment = strdup(comment);
c->domain_from_set = domain_specified; c->domain_from_set = domain_specified;
c->domain = strdup(domain); c->domain = strdup(domain);
@ -3446,11 +3623,11 @@ void urldb_save_cookies(const char *filename)
"#\n" "#\n"
"# Version\tDomain\tDomain from Set-Cookie\tPath\t" "# Version\tDomain\tDomain from Set-Cookie\tPath\t"
"Path from Set-Cookie\tSecure\tExpires\tLast used\t" "Path from Set-Cookie\tSecure\tExpires\tLast used\t"
"No destroy\tName\tValue\tScheme\tURL\tComment\n", "No destroy\tName\tValue\tValue was quoted\tScheme\t"
"URL\tComment\n",
COOKIE_FILE_VERSION); COOKIE_FILE_VERSION);
fprintf(fp, "Version:\t%d\n", COOKIE_FILE_VERSION); fprintf(fp, "Version:\t%d\n", COOKIE_FILE_VERSION);
urldb_save_cookie_hosts(fp, &db_root); urldb_save_cookie_hosts(fp, &db_root);
fclose(fp); fclose(fp);
@ -3492,12 +3669,13 @@ void urldb_save_cookie_paths(FILE *fp, struct path_data *parent)
continue; continue;
fprintf(fp, "%d\t%s\t%d\t%s\t%d\t%d\t%d\t%d\t%d\t" fprintf(fp, "%d\t%s\t%d\t%s\t%d\t%d\t%d\t%d\t%d\t"
"%s\t%s\t%s\t%s\t%s\n", "%s\t%s\t%d\t%s\t%s\t%s\n",
c->version, c->domain, c->version, c->domain,
c->domain_from_set, c->path, c->domain_from_set, c->path,
c->path_from_set, c->secure, c->path_from_set, c->secure,
(int)c->expires, (int)c->last_used, (int)c->expires, (int)c->last_used,
c->no_destroy, c->name, c->value, c->no_destroy, c->name, c->value,
c->value_was_quoted,
parent->scheme ? parent->scheme parent->scheme ? parent->scheme
: "unused", : "unused",
parent->url ? parent->url : "unused", parent->url ? parent->url : "unused",
@ -3836,8 +4014,47 @@ int main(void)
/* Test partial domain match with IP address failing */ /* Test partial domain match with IP address failing */
assert(urldb_set_cookie("name=value;Domain=.foo.org\r\n", "http://192.168.0.1/", NULL) == false); assert(urldb_set_cookie("name=value;Domain=.foo.org\r\n", "http://192.168.0.1/", NULL) == false);
/* Test handling of non-domain cookie sent by server (domain part should
* be ignored) */
assert(urldb_set_cookie("foo=value;Domain=blah.com\r\n", "http://www.example.com/", NULL));
assert(strcmp(urldb_get_cookie("http://www.example.com/"), "foo=value") == 0);
/* Test handling of domain cookie from wrong host (strictly invalid but
* required to support the real world) */
assert(urldb_set_cookie("name=value;Domain=.example.com\r\n", "http://foo.bar.example.com/", NULL));
assert(strcmp(urldb_get_cookie("http://www.example.com/"), "foo=value; name=value") == 0);
/* Test presence of separators in cookie value */
assert(urldb_set_cookie("name=\"value=foo\\\\bar\\\\\\\";\\\\baz=quux\";Version=1\r\n", "http://www.example.org/", NULL));
assert(strcmp(urldb_get_cookie("http://www.example.org/"), "$Version=1; name=\"value=foo\\\\bar\\\\\\\";\\\\baz=quux\"") == 0);
/* Test cookie with blank value */
assert(urldb_set_cookie("a=\r\n", "http://www.example.net/", NULL));
assert(strcmp(urldb_get_cookie("http://www.example.net/"), "a=") == 0);
/* Test specification of multiple cookies in one header */
assert(urldb_set_cookie("a=b, foo=bar; Path=/\r\n", "http://www.example.net/", NULL));
assert(strcmp(urldb_get_cookie("http://www.example.net/"), "foo=bar; a=b") == 0);
/* Test use of separators in unquoted cookie value */
assert(urldb_set_cookie("foo=moo@foo:blah?moar\\ text\r\n", "http://example.com/", NULL));
assert(strcmp(urldb_get_cookie("http://example.com/"), "foo=moo@foo:blah?moar\\ text; name=value") == 0);
/* Test use of unnecessary quotes */
assert(urldb_set_cookie("foo=\"hello\";Version=1,bar=bat\r\n", "http://example.com/", NULL));
assert(strcmp(urldb_get_cookie("http://example.com/"), "bar=bat; foo=\"hello\"; name=value") == 0);
urldb_dump(); urldb_dump();
return 0; return 0;
} }
/*
gcc -g -o urldbtest -std=c99 -DTEST_URLDB -I.
`pkg-config --cflags --libs libxml-2.0 cairo librsvg-2.0 libcurl`
content/urldb.c utils/url.c utils/utils.c utils/messages.c
utils/hashtable.c utils/filename.c
*/
#endif #endif

1
content/urldb.h
View File

@ -44,6 +44,7 @@ struct url_data {
struct cookie_data { struct cookie_data {
const char *name; /**< Cookie name */ const char *name; /**< Cookie name */
const char *value; /**< Cookie value */ const char *value; /**< Cookie value */
const char value_was_quoted; /**< Value was quoted in Set-Cookie: */
const char *comment; /**< Cookie comment */ const char *comment; /**< Cookie comment */
const bool domain_from_set; /**< Domain came from Set-Cookie: header */ const bool domain_from_set; /**< Domain came from Set-Cookie: header */
const char *domain; /**< Domain */ const char *domain; /**< Domain */