gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-05-30 00:11:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

NSHTTPCookie: fix bug in Set-Cookie parser

Browse source 
Fix a bug in NSHTTPCookie's Set-Cookie parser where it would fail to
parse more than one key-only cookie (such as "Secure; HTTPOnly;") in a
header.
This commit is contained in:
Daniel Ferreira 2017-06-25 09:19:16 +10:00 committed by Ivan Vučica
parent 644b676949
commit 277ae581a6
2 changed files with 15 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Source/NSHTTPCookie.m
View file

@ -745,7 +745,19 @@ GSPropertyListFromCookieFormat(NSString *string, int version)
}
else
{
unsigned int oldpos = pld->pos;
unsigned int keyvalpos = 0;
id keyval = parseUnquotedString(pld, ';');
keyvalpos = pld->pos;
pld->pos = oldpos;
key = parseUnquotedString(pld, '=');
// Detect value-less cookies like HTTPOnly; and Secure;
if ([keyval length] < [key length])
{
pld->pos = keyvalpos;
key = keyval;
}
}
if (key == nil)
{

4
Tests/base/NSHTTPCookie/basic.m
View file

@ -53,6 +53,7 @@ int main()
"NSHTTPCookie returns proper value");
PASS([[cookie domain] isEqual: [url host]],
"NSHTTPCookie returns proper domain");
PASS(![cookie isSecure], "Cookie is not secure");
PASS(![cookie isHTTPOnly], "Cookie is not http only");
dict = [NSHTTPCookie requestHeaderFieldsWithCookies: cookies];
@ -61,9 +62,10 @@ int main()
"NSHTTPCookie can generate proper cookie");
dict = [NSDictionary dictionaryWithObject:
@"SessionId=xxx;HttpOnly;" forKey: @"Set-Cookie"];
@"SessionId=xxx;HttpOnly;Secure;" forKey: @"Set-Cookie"];
cookies= [NSHTTPCookie cookiesWithResponseHeaderFields: dict forURL: url];
cookie = [cookies objectAtIndex:0];
PASS([cookie isSecure], "NSHTTPCookie is secure");
PASS([cookie isHTTPOnly], "NSHTTPCookie is HTTPOnly");
[arp release]; arp = nil;