From 7c21c1c4f981a947f9f91ff685f898d0306589f7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 9 Aug 2011 14:02:05 +0200 Subject: cookie parser: handle 'secure=' There are two keywords in cookie headers that don't follow the regular name=value style: secure and httponly. Still we must support that they are written like 'secure=' and then treat them as if they were written 'secure'. Test case 31 was much extended by Rob Ward to test this. Bug: http://curl.haxx.se/bug/view.cgi?id=3349227 Reported by: "gnombat" --- tests/data/test31 | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'tests') diff --git a/tests/data/test31 b/tests/data/test31 index d06bc1180..5afe81df6 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -18,6 +18,28 @@ Content-Type: text/html Funny-head: yesyes Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure Set-Cookie:ismatch=this ; domain=127.0.0.1; path=/silly/ +Set-Cookie: sec1value=secure1 ; domain=127.0.0.1; path=/secure1/ ; secure +Set-Cookie: sec2value=secure2 ; domain=127.0.0.1; path=/secure2/ ; secure= +Set-Cookie: sec3value=secure3 ; domain=127.0.0.1; path=/secure3/ ; secure= +Set-Cookie: sec4value=secure4 ; secure=; domain=127.0.0.1; path=/secure4/ ; +Set-Cookie: sec5value=secure5 ; secure; domain=127.0.0.1; path=/secure5/ ; +Set-Cookie: sec6value=secure6 ; secure ; domain=127.0.0.1; path=/secure6/ ; +Set-Cookie: sec7value=secure7 ; secure ; domain=127.0.0.1; path=/secure7/ ; +Set-Cookie: sec8value=secure8 ; secure= ; domain=127.0.0.1; path=/secure8/ ; +Set-Cookie: secure=very1 ; secure=; domain=127.0.0.1; path=/secure9/; +Set-Cookie: httpo1=value1 ; domain=127.0.0.1; path=/p1/; httponly +Set-Cookie: httpo2=value2 ; domain=127.0.0.1; path=/p2/; httponly= +Set-Cookie: httpo3=value3 ; httponly; domain=127.0.0.1; path=/p3/; +Set-Cookie: httpo4=value4 ; httponly=; domain=127.0.0.1; path=/p4/; +Set-Cookie: httponly=myvalue1 ; domain=127.0.0.1; path=/p4/; httponly +Set-Cookie: httpandsec=myvalue2 ; domain=127.0.0.1; path=/p4/; httponly; secure +Set-Cookie: httpandsec2=myvalue3; domain=127.0.0.1; path=/p4/; httponly=; secure +Set-Cookie: httpandsec3=myvalue4 ; domain=127.0.0.1; path=/p4/; httponly; secure= +Set-Cookie: httpandsec4=myvalue5 ; domain=127.0.0.1; path=/p4/; httponly=; secure= +Set-Cookie: httpandsec5=myvalue6 ; domain=127.0.0.1; path=/p4/; secure; httponly= +Set-Cookie: httpandsec6=myvalue7 ; domain=127.0.0.1; path=/p4/; secure=; httponly= +Set-Cookie: httpandsec7=myvalue8 ; domain=127.0.0.1; path=/p4/; secure; httponly +Set-Cookie: httpandsec8=myvalue9; domain=127.0.0.1; path=/p4/; secure=; httponly Set-Cookie: partmatch=present; domain=127.0.0.1 ; path=/; Set-Cookie:eat=this; domain=moo.foo.moo; Set-Cookie: eat=this-too; domain=.foo.moo; @@ -69,6 +91,28 @@ Accept: */* # This file was generated by libcurl! Edit at your own risk. .127.0.0.1 TRUE /silly/ FALSE 0 ismatch this +.127.0.0.1 TRUE /secure1/ TRUE 0 sec1value secure1 +.127.0.0.1 TRUE /secure2/ TRUE 0 sec2value secure2 +.127.0.0.1 TRUE /secure3/ TRUE 0 sec3value secure3 +.127.0.0.1 TRUE /secure4/ TRUE 0 sec4value secure4 +.127.0.0.1 TRUE /secure5/ TRUE 0 sec5value secure5 +.127.0.0.1 TRUE /secure6/ TRUE 0 sec6value secure6 +.127.0.0.1 TRUE /secure7/ TRUE 0 sec7value secure7 +.127.0.0.1 TRUE /secure8/ TRUE 0 sec8value secure8 +.127.0.0.1 TRUE /secure9/ TRUE 0 secure very1 +#HttpOnly_.127.0.0.1 TRUE /p1/ FALSE 0 httpo1 value1 +#HttpOnly_.127.0.0.1 TRUE /p2/ FALSE 0 httpo2 value2 +#HttpOnly_.127.0.0.1 TRUE /p3/ FALSE 0 httpo3 value3 +#HttpOnly_.127.0.0.1 TRUE /p4/ FALSE 0 httpo4 value4 +#HttpOnly_.127.0.0.1 TRUE /p4/ FALSE 0 httponly myvalue1 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec myvalue2 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec2 myvalue3 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec3 myvalue4 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec4 myvalue5 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec5 myvalue6 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec6 myvalue7 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec7 myvalue8 +#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec8 myvalue9 .127.0.0.1 TRUE / FALSE 0 partmatch present 127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value #HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir -- cgit v1.2.3