- rather use a list of disallowed chars

[m6w6/ext-http] / http_api.c

diff --git a/http_api.c b/http_api.c
index a17c608cf991d9f280106515447b5b4cda26122b..7762f20775de6a909721b4815c35163138867d29 100644 (file)
--- a/http_api.c
+++ b/http_api.c
@@ -147,6 +147,10 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                                        if (!val) {
                                                val = c;
                                        }
+                                       if (!*c) {
+                                               --val;
+                                               st = ST_ADD;
+                                       }
                                }
                        break;
                                
@@ -162,8 +166,11 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                                        case ' ':
                                        break;
                                        
-                                       case '\0':
                                        case ';':
+                                               goto add;
+                                       break;
+                               
+                                       case '\0':
                                                st = ST_ADD;
                                        break;
                                        
@@ -178,17 +185,22 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                        case ST_KEY:
                                switch (*c)
                                {
-                                       default:
-                                               if (!isalnum(*c)) {
+                                       case ',':
+                                       case '\r':
+                                       case '\n':
+                                       case '\t':
+                                       case '\013':
+                                       case '\014':
+                                               goto failure;
+                                       break;
+                                       
+                                       case '=':
+                                               if (key) {
+                                                       keylen = c - key;
+                                                       st = ST_VALUE;
+                                               } else {
                                                        goto failure;
                                                }
-                                       case '.':
-                                       case '_':
-                                       case '$':
-                                       case '@':
-                                               if (!key) {
-                                                       key = c;
-                                               }
                                        break;
                                        
                                        case ' ':
@@ -198,18 +210,17 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                                                }
                                        break;
                                        
-                                       case '=':
+                                       case '\0':
                                                if (key) {
                                                        keylen = c - key;
-                                                       st = ST_VALUE;
-                                               } else {
-                                                       goto failure;
+                                                       st = ST_ADD;
                                                }
                                        break;
                                        
-                                       case '\0':
-                                               keylen = c - key;
-                                               st = ST_ADD;
+                                       default:
+                                               if (!key) {
+                                                       key = c;
+                                               }
                                        break;
                                }
                        break;
@@ -217,7 +228,7 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                        case ST_ASSIGN:
                                if (*c == '=') {
                                        st = ST_VALUE;
-                               } else if (*c == ';') {
+                               } else if (!*c || *c == ';') {
                                        st = ST_ADD;
                                } else if (*c != ' ') {
                                        goto failure;
@@ -228,6 +239,7 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                        add:
                                if (val) {
                                        vallen = c - val - (*c?1:0);
+                                       while (val[vallen-1] == ' ') --vallen;
                                } else {
                                        val = "";
                                        vallen = 0;