sf at apache
Nov 7, 2009, 11:19 AM
Post #1 of 1
(65 views)
Permalink
|
|
svn commit: r833738 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c
|
|
Author: sf
Date: Sat Nov 7 19:19:10 2009
New Revision: 833738
URL: http://svn.apache.org/viewvc?rev=833738&view=rev
Log:
mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.
PR: 28037
Submitted by: Dan Franklin <dan dan-franklin.com>, Stefan Fritsch
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
httpd/httpd/trunk/modules/loggers/mod_log_config.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Nov 7 19:19:10 2009
@@ -10,6 +10,10 @@
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+ *) mod_log_config: Make ${cookie}C correctly match whole cookie names
+ instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
+ Stefan Fritsch]
+
*) vhost: A purely-numeric Host: header should not be treated as a port.
PR 44979 [Nick Kew]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml Sat Nov 7 19:19:10 2009
@@ -85,7 +85,7 @@
<tr><td><code>%{<var>VARNAME</var>}C</code></td>
<td>The contents of cookie <var>VARNAME</var> in the request sent
- to the server.</td></tr>
+ to the server. Only version 0 cookies are fully supported.</td></tr>
<tr><td><code>%D</code></td>
<td>The time taken to serve the request, in microseconds.</td></tr>
Modified: httpd/httpd/trunk/modules/loggers/mod_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/loggers/mod_log_config.c (original)
+++ httpd/httpd/trunk/modules/loggers/mod_log_config.c Sat Nov 7 19:19:10 2009
@@ -497,19 +497,42 @@
static const char *log_cookie(request_rec *r, char *a)
{
const char *cookies;
- const char *start_cookie;
+
+ /*
+ * This supports Netscape version 0 cookies while being tolerant to
+ * some properties of RFC2109/2965 version 1 cookies:
+ * - case-insensitive match of cookie names
+ * - white space around the '='
+ * It does not support the following version 1 features:
+ * - quoted strings as cookie values
+ * - commas to separate cookies
+ */
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
- if ((start_cookie = ap_strstr_c(cookies,a))) {
- char *cookie, *end_cookie;
- start_cookie += strlen(a) + 1; /* cookie_name + '=' */
- cookie = apr_pstrdup(r->pool, start_cookie);
- /* kill everything in cookie after ';' */
- end_cookie = strchr(cookie, ';');
- if (end_cookie) {
- *end_cookie = '\0';
- }
- return ap_escape_logitem(r->pool, cookie);
+ const char *cookie;
+ const char *cookie_end;
+ const char *cp;
+ int a_len = strlen(a);
+ /*
+ * Loop over semicolon-separated cookies.
+ */
+ for (cookie = cookies; *cookie != '\0'; cookie = cookie_end + strspn(cookie_end, "; \t")) {
+ /* Loop invariant: "cookie" always points to start of cookie name */
+
+ /* Set cookie_end to ';' that ends this cookie, or '\0' at EOS */
+ cookie_end = cookie + strcspn(cookie, ";");
+
+ cp = cookie + a_len;
+ if (cp >= cookie_end)
+ continue;
+ cp += strspn(cp, " \t");
+ if (*cp == '=' && !strncasecmp(cookie, a, a_len)) {
+ char *cookie_value;
+ cp++; /* Move past '=' */
+ cp += strspn(cp, " \t"); /* Move past WS */
+ cookie_value = apr_pstrmemdup(r->pool, cp, cookie_end - cp);
+ return ap_escape_logitem(r->pool, cookie_value);
+ }
}
}
return NULL;
|
