aboutsummaryrefslogtreecommitdiff
path: root/lib/cookie.c
AgeCommit message (Collapse)Author
2011-04-04disable cookies: remove ifdefs, move codeDaniel Stenberg
1 - make sure to #define macros for cookie functions in the cookie header when cookies are disabled to avoid having to use #ifdefs in code using those functions. 2 - move cookie-specific code to cookie.c and use the functio conditionally as mentioned in (1). net result: 6 #if lines removed, and 9 lines of code less
2010-12-23cookies: tricked dotcounter fixedDaniel Stenberg
Providing multiple dots in a series in the domain field (domain=..com) could trick the cookie engine to wrongly accept the cookie believing it to be fine. Since the tailmatching would then match all .com sites, the cookie would then be sent to all of them. The code now requires at least one letter between each dot for them to be counted. Edited test case 61 to verify this.
2010-11-28atoi: remove atoi usageYang Tse
2010-03-24remove the CVSish $Id$ linesDaniel Stenberg
2010-02-26fix compiler warningYang Tse
2010-01-28fix printf-style format stringsYang Tse
2010-01-27fix compiler warningYang Tse
2010-01-19- As was pointed out on the http-state mailing list, the order of cookies in aDaniel Stenberg
HTTP Cookie: header _needs_ to be sorted on the path length in the cases where two cookies using the same name are set more than once using (overlapping) paths. Realizing this, identically named cookies must be sorted correctly. But detecting only identically named cookies and take care of them individually is harder than just to blindly and unconditionally sort all cookies based on their path lengths. All major browsers also already do this, so this makes our behavior one step closer to them in the cookie area. Test case 8 was the only one that broke due to this change and I updated it accordingly.
2009-12-19fixed a precaution check in the cookie code, pointed out by Julien ChaffraixDaniel Stenberg
2009-11-18Make usage of calloc()'s arguments consistent with rest of code baseYang Tse
2009-10-25- Dima Barsky made the curl cookie parser accept cookies even with blank orDaniel Stenberg
unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browser treat such cookies as session cookies. I modified test 8 and 31 to verify this.
2009-09-28fix compiler warning: conversion from "long" to "size_t" may lose signYang Tse
2009-09-28libcurl private function Curl_memrchr() now in curl_memrchr.c and curl_memrchr.hYang Tse
2009-09-26- John P. McCaskey posted a bug report that showed how libcurl did wrong whenDaniel Stenberg
saving received cookies with no given path, if the path in the request had a query part. That is means a question mark (?) and characters on the right side of that. I wrote test case 1105 and fixed this problem.
2009-09-25minor whitespace editDaniel Stenberg
2009-09-10- Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epochDaniel Stenberg
start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 which internally then is treated as a session cookie. That particular date is now made to get the value of 1.
2009-06-15 DEBUGBUILD / CURLDEBUG decoupling follow-upYang Tse
2009-06-10- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings andDaniel Stenberg
contributed a range of patches to fix them.
2009-05-25- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointedDaniel Stenberg
out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8.
2009-04-21libcurl's memory.h renamed to curl_memory.hYang Tse
2009-01-15- Tim Ansell fixed a compiler warning in lib/cookie.cDaniel Stenberg
2009-01-13- Michael Wallner fixed a NULL pointer deref when callingDaniel Stenberg
curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no cookies data.
2008-12-03- Pawel Kierski pointed out a mistake in the cookie code that could lead to aDaniel Stenberg
bad fclose() after a fatal error had occured. (http://curl.haxx.se/bug/view.cgi?id=2382219)
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich
Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
2008-10-16Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper functionDaniel Stenberg
used in strequal.c so now all test cases run fine for me again.
2008-10-15- Pascal Terjan filed bug #2154627Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' isn't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insentive comparisons for english-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected.
2008-10-13Removed superfluous check of clist->name, as in this code path that pointerDaniel Stenberg
has already been dereferenced so it is bound to be valid. Pointed out to us by coverity.com
2008-09-08- Stefan Krause pointed out that libcurl would wrongly send away cookies toDaniel Stenberg
sites in cases where the cookie clearly has a very old expiry date. The condition was simply that libcurl's date parser would fail to convert the date and it would then count as a (timed-based) match. Starting now, a missed date due to an unsupported date format or date range will now cause the cookie to not match.
2008-09-06remove unnecessary typecasting of malloc()Yang Tse
2008-09-06remove unnecessary typecasting of calloc()Yang Tse
2008-08-28- I'm abandoning the system with the web site mirrors (but keeping downloadDaniel Stenberg
files bing mirrored) and thus I've changed the URL in the cookiejar header to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2008-08-16Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TUYang Tse
remain in use as internal curl_off_t print formatting strings for the internal *printf functions which still cannot handle print formatting string directives such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and other DOS/Windows compilers. This reverts previous commit part which did: FORMAT_OFF_T -> CURL_FORMAT_CURL_OFF_T FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-15For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros,Yang Tse
the names of the curl_off_t formatting string directives now become CURL_FORMAT_CURL_OFF_T and CURL_FORMAT_CURL_OFF_TU. CURL_FMT_OFF_T -> CURL_FORMAT_CURL_OFF_T CURL_FMT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU Remove the use of an internal name for the curl_off_t formatting string directives and use the common one available from the inside and outside of the library. FORMAT_OFF_T -> CURL_FORMAT_CURL_OFF_T FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-01-31- Niklas Angebrand made the cookie support in libcurl properly deal with theDaniel Stenberg
"HttpOnly" feature introduced by Microsoft and apparently also supported by Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly is now supported when received from servers in HTTP headers, when written to cookie jars and when read from existing cookie jars.
2008-01-23"Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and soDaniel Stenberg
did "SESS". Fixed now.
2007-11-07if () => if()Daniel Stenberg
while () => while() and some other minor re-indentings
2007-08-29Added lots of constsDan Fandrich
2007-04-07fix out of memory handling issueYang Tse
2007-04-04Fixed file handle leak in OOM condition.Dan Fandrich
2007-03-25fix compiler warningYang Tse
2007-02-14avoid using funtion isblank() and just use our ISBLANKYang Tse
macro to provide this functionality on all platforms
2007-02-14compiler warning fixYang Tse
2007-02-13use our own ISBLANK macroYang Tse
2007-01-13make Curl_cookie_clearall() survive getting called with a NULL pointerDaniel Stenberg
2006-09-27As reported in bug: #1566077 the former URL mentioned in the generated cookieDaniel Stenberg
jar has died and we now instead point out our own version of that
2006-07-08Ates Goral pointed out that libcurl's cookie parser did case insensitiveDaniel Stenberg
string comparisons on the path which is incorrect and provided a patch that fixes this. I edited test case 8 to include details that test for this.
2006-05-24Michael Wallner provided a patch that allows "SESS" to be set withDaniel Stenberg
CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly edited by me, and the re-indent in cookie.c was also done by me)
2005-08-17remove the typecast to long from time_t, since we now store it as curl_off_tDaniel Stenberg
2005-08-17- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (withDaniel Stenberg
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to write the result to a given cookie jar and then never actually call curl_easy_perform() - the given file(s) to read was never read but the output file was written and thus it caused a "funny" result. - While doing some tests for the bug above, I noticed that Firefox generates large numbers (for the expire time) in the cookies.txt file and libcurl didn't treat them properly. Now it does.