projects
/
m6w6
/
ext-http
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
|
github
raw
|
inline
| side by side
- rather use a list of disallowed chars
[m6w6/ext-http]
/
http_api.c
diff --git
a/http_api.c
b/http_api.c
index 1d3f657dd9b5f5ada83dd5469bb54150aff2d90f..7762f20775de6a909721b4815c35163138867d29 100644
(file)
--- a/
http_api.c
+++ b/
http_api.c
@@
-137,21
+137,20
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
switch (st)
{
case ST_QUOTE:
switch (st)
{
case ST_QUOTE:
- switch (*c)
- {
- case '"':
- if (*(c-1) != '\\') {
- st = ST_ADD;
- } else {
- memmove(c-1, c, strlen(c)+1);
- }
- break;
-
- default:
- if (!val) {
- val = c;
- }
- break;
+ if (*c == '"') {
+ if (*(c-1) != '\\') {
+ st = ST_ADD;
+ } else {
+ memmove(c-1, c, strlen(c)+1);
+ }
+ } else {
+ if (!val) {
+ val = c;
+ }
+ if (!*c) {
+ --val;
+ st = ST_ADD;
+ }
}
break;
}
break;
@@
-167,8
+166,11
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
case ' ':
break;
case ' ':
break;
- case '\0':
case ';':
case ';':
+ goto add;
+ break;
+
+ case '\0':
st = ST_ADD;
break;
st = ST_ADD;
break;
@@
-183,16
+185,22
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
case ST_KEY:
switch (*c)
{
case ST_KEY:
switch (*c)
{
- default:
- if (!isalnum(*c)) {
+ case ',':
+ case '\r':
+ case '\n':
+ case '\t':
+ case '\013':
+ case '\014':
+ goto failure;
+ break;
+
+ case '=':
+ if (key) {
+ keylen = c - key;
+ st = ST_VALUE;
+ } else {
goto failure;
}
goto failure;
}
- case '.':
- case '_':
- case '$':
- if (!key) {
- key = c;
- }
break;
case ' ':
break;
case ' ':
@@
-202,18
+210,17
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
}
break;
}
break;
- case '
=
':
+ case '
\0
':
if (key) {
keylen = c - key;
if (key) {
keylen = c - key;
- st = ST_VALUE;
- } else {
- goto failure;
+ st = ST_ADD;
}
break;
}
break;
- case '\0':
- keylen = c - key;
- st = ST_ADD;
+ default:
+ if (!key) {
+ key = c;
+ }
break;
}
break;
break;
}
break;
@@
-221,7
+228,7
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
case ST_ASSIGN:
if (*c == '=') {
st = ST_VALUE;
case ST_ASSIGN:
if (*c == '=') {
st = ST_VALUE;
- } else if (*c == ';') {
+ } else if (
!*c ||
*c == ';') {
st = ST_ADD;
} else if (*c != ' ') {
goto failure;
st = ST_ADD;
} else if (*c != ' ') {
goto failure;
@@
-232,6
+239,7
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
add:
if (val) {
vallen = c - val - (*c?1:0);
add:
if (val) {
vallen = c - val - (*c?1:0);
+ while (val[vallen-1] == ' ') --vallen;
} else {
val = "";
vallen = 0;
} else {
val = "";
vallen = 0;
@@
-264,6
+272,7
@@
PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
return SUCCESS;
failure:
return SUCCESS;
failure:
+ http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Unexpected character (%c) at pos %tu of %zu", *c, c-s, strlen(s));
efree(s);
return FAILURE;
}
efree(s);
return FAILURE;
}