- rather use a list of disallowed chars
authorMichael Wallner <mike@php.net>
Sat, 11 Feb 2006 14:33:31 +0000 (14:33 +0000)
committerMichael Wallner <mike@php.net>
Sat, 11 Feb 2006 14:33:31 +0000 (14:33 +0000)
- fix "foo\s+"

http_api.c

index de1984a46fd6236edb4e4d014891426ea9ffc5c1..7762f20775de6a909721b4815c35163138867d29 100644 (file)
@@ -185,32 +185,28 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                        case ST_KEY:
                                switch (*c)
                                {
-                                       default:
-                                               if (!isalnum(*c)) {
-                                                       goto failure;
-                                               }
-                                       case '.':
-                                       case '_':
-                                       case '$':
-                                       case '@':
-                                               if (!key) {
-                                                       key = c;
-                                               }
+                                       case ',':
+                                       case '\r':
+                                       case '\n':
+                                       case '\t':
+                                       case '\013':
+                                       case '\014':
+                                               goto failure;
                                        break;
                                        
-                                       case ' ':
+                                       case '=':
                                                if (key) {
                                                        keylen = c - key;
-                                                       st = ST_ASSIGN;
+                                                       st = ST_VALUE;
+                                               } else {
+                                                       goto failure;
                                                }
                                        break;
                                        
-                                       case '=':
+                                       case ' ':
                                                if (key) {
                                                        keylen = c - key;
-                                                       st = ST_VALUE;
-                                               } else {
-                                                       goto failure;
+                                                       st = ST_ASSIGN;
                                                }
                                        break;
                                        
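Review bot: The deny-list in the ST_KEY switch rejects only `,`, CR, LF, TAB, VT and FF, so every other byte, including the remaining control characters (0x01–0x08, 0x0e–0x1f, 0x7f), `"` and 8-bit bytes, is now accepted as part of a cookie name through the `default:` branch added in the next hunk. The removed code accepted only alphanumerics plus `.`, `_`, `$` and `@`, so this considerably widens what can become a key in `items`; whether those keys later reach headers, logs or variable names is not visible here. Rejecting the whole control range in one test at the top of `default:`, e.g. `if (iscntrl((unsigned char) *c)) goto failure;`, would be more robust than listing individual escapes, assuming the end-of-string byte keeps its own case label. The `break;` after `goto failure;` is unreachable, and the switch continues beyond this hunk.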
@@ -220,13 +216,19 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
                                                        st = ST_ADD;
                                                }
                                        break;
+                                       
+                                       default:
+                                               if (!key) {
+                                                       key = c;
+                                               }
+                                       break;
                                }
                        break;
                                
                        case ST_ASSIGN:
                                if (*c == '=') {
                                        st = ST_VALUE;
-                               } else if (*c == ';') {
+                               } else if (!*c || *c == ';') {
                                        st = ST_ADD;
                                } else if (*c != ' ') {
                                        goto failure;
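Review bot: The new `!*c` test in the ST_ASSIGN branch only has an effect if the enclosing loop hands the terminating NUL to the state machine, and nothing near this line says so. A short comment would make that dependency explicit, e.g. `/* end of input after "key " is a valueless cookie, same as ';' */`. The loop header and the ST_ADD handler are outside the hunk, so it is worth confirming that ST_ADD copes with no value having been seen on this path, and that the loop stops after the NUL rather than advancing past it.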