mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
- Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browser treat such cookies as session cookies. I modified test 8 and 31 to verify this.
This commit is contained in:
parent
7867d44251
commit
448d2b5f49
7
CHANGES
7
CHANGES
@ -6,6 +6,13 @@
|
|||||||
|
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
Daniel Stenberg (25 Oct 2009)
|
||||||
|
- Dima Barsky made the curl cookie parser accept cookies even with blank or
|
||||||
|
unparsable expiry dates and then treat them as session cookies - previously
|
||||||
|
libcurl would reject cookies with a date format it couldn't parse. Research
|
||||||
|
shows that the major browser treat such cookies as session cookies. I
|
||||||
|
modified test 8 and 31 to verify this.
|
||||||
|
|
||||||
Daniel Stenberg (21 Oct 2009)
|
Daniel Stenberg (21 Oct 2009)
|
||||||
- Attempt to use pkg-config for finding out libssh2 installation details
|
- Attempt to use pkg-config for finding out libssh2 installation details
|
||||||
during configure.
|
during configure.
|
||||||
|
@ -41,6 +41,7 @@ This release includes the following bugfixes:
|
|||||||
o GSS negotiate infinite loop on bad credentials
|
o GSS negotiate infinite loop on bad credentials
|
||||||
o memory leak in SCP/SFTP connections
|
o memory leak in SCP/SFTP connections
|
||||||
o use pkg-config to find out libssh2 installation details in configure
|
o use pkg-config to find out libssh2 installation details in configure
|
||||||
|
o unparsable cookie expire dates make cookies get treated as session coookies
|
||||||
|
|
||||||
This release includes the following known bugs:
|
This release includes the following known bugs:
|
||||||
|
|
||||||
@ -53,6 +54,6 @@ advice from friends like these:
|
|||||||
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
|
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
|
||||||
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
|
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
|
||||||
Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
|
Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
|
||||||
Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst
|
Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
@ -363,9 +363,8 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||||||
badcookie = TRUE;
|
badcookie = TRUE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
/* Note that we store -1 in 'expires' here if the date couldn't
|
/* Note that if the date couldn't get parsed for whatever reason,
|
||||||
get parsed for whatever reason. This will have the effect that
|
the cookie will be treated as a session cookie */
|
||||||
the cookie won't match. */
|
|
||||||
co->expires = curl_getdate(what, &now);
|
co->expires = curl_getdate(what, &now);
|
||||||
|
|
||||||
/* Session cookies have expires set to 0 so if we get that back
|
/* Session cookies have expires set to 0 so if we get that back
|
||||||
@ -373,6 +372,8 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||||||
non-session cookie */
|
non-session cookie */
|
||||||
if (co->expires == 0)
|
if (co->expires == 0)
|
||||||
co->expires = 1;
|
co->expires = 1;
|
||||||
|
else if( co->expires < 0 )
|
||||||
|
co->expires = 0;
|
||||||
}
|
}
|
||||||
else if(!co->name) {
|
else if(!co->name) {
|
||||||
co->name = strdup(name);
|
co->name = strdup(name);
|
||||||
|
@ -27,6 +27,7 @@ Set-Cookie: novalue; domain=reallysilly
|
|||||||
Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 2030
|
Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 2030
|
||||||
Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030
|
Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030
|
||||||
Set-Cookie: magic=yessir; path=/silly/; HttpOnly
|
Set-Cookie: magic=yessir; path=/silly/; HttpOnly
|
||||||
|
Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
|
||||||
|
|
||||||
boo
|
boo
|
||||||
</data>
|
</data>
|
||||||
@ -71,6 +72,7 @@ Accept: */*
|
|||||||
.127.0.0.1 TRUE / FALSE 0 partmatch present
|
.127.0.0.1 TRUE / FALSE 0 partmatch present
|
||||||
127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value
|
127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value
|
||||||
#HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir
|
#HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir
|
||||||
|
.0.0.1 TRUE /we/want/ FALSE 0 blexp yesyes
|
||||||
</file>
|
</file>
|
||||||
</verify>
|
</verify>
|
||||||
</testcase>
|
</testcase>
|
||||||
|
@ -41,6 +41,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
|
|||||||
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
|
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
|
||||||
Set-Cookie: cookie=yes; path=/we;
|
Set-Cookie: cookie=yes; path=/we;
|
||||||
Set-Cookie: nocookie=yes; path=/WE;
|
Set-Cookie: nocookie=yes; path=/WE;
|
||||||
|
Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
|
||||||
|
|
||||||
</file>
|
</file>
|
||||||
</client>
|
</client>
|
||||||
@ -54,7 +55,7 @@ Set-Cookie: nocookie=yes; path=/WE;
|
|||||||
GET /we/want/8 HTTP/1.1
|
GET /we/want/8 HTTP/1.1
|
||||||
Host: %HOSTIP:%HTTPPORT
|
Host: %HOSTIP:%HTTPPORT
|
||||||
Accept: */*
|
Accept: */*
|
||||||
Cookie: cookie=yes; partmatch=present; foobar=name
|
Cookie: blexp=yesyes; cookie=yes; partmatch=present; foobar=name
|
||||||
|
|
||||||
</protocol>
|
</protocol>
|
||||||
</verify>
|
</verify>
|
||||||
|
Loading…
Reference in New Issue
Block a user