mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

bug 156726, citibank.com broken, r=mstoltz, sr=dveditz

This commit is contained in:
morse%netscape.com 2002-09-27 03:29:04 +00:00
Родитель 0f9dcdf87f
Коммит 56030a3f5e
1 изменённых файлов: 21 добавлений и 1 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

22
extensions/cookie/nsCookies.cpp
Просмотреть файл

@ -724,7 +724,15 @@ COOKIE_GetCookie(nsIURI * address) {
} }
if(cookie_s->path && !PL_strncmp(path.get(), cookie_s->path, cookiePathLen)) { if(cookie_s->path && !PL_strncmp(path.get(), cookie_s->path, cookiePathLen)) {
PRUint32 pathLen = path.Length(); PRUint32 pathLen = path.Length();
if (pathLen>cookiePathLen && (path[cookiePathLen] != '/')) { if (pathLen>cookiePathLen &&
path[cookiePathLen] != '/' && path[cookiePathLen] != '?' &&
path[cookiePathLen] != '#' && path[cookiePathLen] != ';') {
/*
* note that the '?' test above allows a site at host/abc?def to receive a cookie that
* has a path attribute of abc. This seems strange but at least one major site
* (citibank, bug 156725) depends on it. The test for # and ; are put in to proactively
* avoid problems with other sites.
*/
continue; continue;
} }
@ -1238,6 +1246,14 @@ cookie_SetCookieString(nsIURI * curURL, nsIPrompt *aPrompter, const char * setCo
*(iter+1) = '\0'; *(iter+1) = '\0';
} }
path_from_header = nsCRT::strdup(cur_path.get()); path_from_header = nsCRT::strdup(cur_path.get());
#if 1
/*
* The following test is part of the RFC2109 spec. Loosely speaking, it says that a site
* cannot set a cookie for a path that it is not on. See bug 155083. However this patch
* broke several sites -- nordea (bug 155768) and citibank (bug 156725). So this test is being
* bracketed by an if statement to allow it to be disabled in the event that we cannot
* evangelize these sites.
*/
} else { } else {
if(PL_strncmp(cur_path.get(), path_from_header, PL_strlen(path_from_header))) { if(PL_strncmp(cur_path.get(), path_from_header, PL_strlen(path_from_header))) {
PR_FREEIF(path_from_header); PR_FREEIF(path_from_header);
@ -1245,6 +1261,7 @@ cookie_SetCookieString(nsIURI * curURL, nsIPrompt *aPrompter, const char * setCo
nsCRT::free(setCookieHeaderInternal); nsCRT::free(setCookieHeaderInternal);
return; return;
} }
#endif
} }
if(!host_from_header) { if(!host_from_header) {
host_from_header = nsCRT::strdup(cur_host.get()); host_from_header = nsCRT::strdup(cur_host.get());
@ -1525,6 +1542,9 @@ COOKIE_SetCookieStringFromHttp(nsIURI * curURL, nsIURI * firstURL, nsIPrompt *aP
} }
} }
expires = cookie_ParseDate(date); expires = cookie_ParseDate(date);
if (expires == 0) {
expires = 1; // avoid confusion with session cookies
}
*ptr=origLast; *ptr=origLast;
} }
if (server_date && *server_date) { if (server_date && *server_date) {