You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2009/11/07 20:19:10 UTC
svn commit: r833738 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c
Author: sf
Date: Sat Nov 7 19:19:10 2009
New Revision: 833738
URL: http://svn.apache.org/viewvc?rev=833738&view=rev
Log:
mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.
PR: 28037
Submitted by: Dan Franklin <dan dan-franklin.com>, Stefan Fritsch
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
httpd/httpd/trunk/modules/loggers/mod_log_config.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Nov 7 19:19:10 2009
@@ -10,6 +10,10 @@
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+ *) mod_log_config: Make ${cookie}C correctly match whole cookie names
+ instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
+ Stefan Fritsch]
+
*) vhost: A purely-numeric Host: header should not be treated as a port.
PR 44979 [Nick Kew]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml Sat Nov 7 19:19:10 2009
@@ -85,7 +85,7 @@
<tr><td><code>%{<var>VARNAME</var>}C</code></td>
<td>The contents of cookie <var>VARNAME</var> in the request sent
- to the server.</td></tr>
+ to the server. Only version 0 cookies are fully supported.</td></tr>
<tr><td><code>%D</code></td>
<td>The time taken to serve the request, in microseconds.</td></tr>
Modified: httpd/httpd/trunk/modules/loggers/mod_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?rev=833738&r1=833737&r2=833738&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/loggers/mod_log_config.c (original)
+++ httpd/httpd/trunk/modules/loggers/mod_log_config.c Sat Nov 7 19:19:10 2009
@@ -497,19 +497,42 @@
static const char *log_cookie(request_rec *r, char *a)
{
const char *cookies;
- const char *start_cookie;
+
+ /*
+ * This supports Netscape version 0 cookies while being tolerant to
+ * some properties of RFC2109/2965 version 1 cookies:
+ * - case-insensitive match of cookie names
+ * - white space around the '='
+ * It does not support the following version 1 features:
+ * - quoted strings as cookie values
+ * - commas to separate cookies
+ */
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
- if ((start_cookie = ap_strstr_c(cookies,a))) {
- char *cookie, *end_cookie;
- start_cookie += strlen(a) + 1; /* cookie_name + '=' */
- cookie = apr_pstrdup(r->pool, start_cookie);
- /* kill everything in cookie after ';' */
- end_cookie = strchr(cookie, ';');
- if (end_cookie) {
- *end_cookie = '\0';
- }
- return ap_escape_logitem(r->pool, cookie);
+ const char *cookie;
+ const char *cookie_end;
+ const char *cp;
+ int a_len = strlen(a);
+ /*
+ * Loop over semicolon-separated cookies.
+ */
+ for (cookie = cookies; *cookie != '\0'; cookie = cookie_end + strspn(cookie_end, "; \t")) {
+ /* Loop invariant: "cookie" always points to start of cookie name */
+
+ /* Set cookie_end to ';' that ends this cookie, or '\0' at EOS */
+ cookie_end = cookie + strcspn(cookie, ";");
+
+ cp = cookie + a_len;
+ if (cp >= cookie_end)
+ continue;
+ cp += strspn(cp, " \t");
+ if (*cp == '=' && !strncasecmp(cookie, a, a_len)) {
+ char *cookie_value;
+ cp++; /* Move past '=' */
+ cp += strspn(cp, " \t"); /* Move past WS */
+ cookie_value = apr_pstrmemdup(r->pool, cp, cookie_end - cp);
+ return ap_escape_logitem(r->pool, cookie_value);
+ }
}
}
return NULL;
Re: svn commit: r833738 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Sunday 08 November 2009, Ruediger Pluem wrote:
> Just a random thought: Wouldn't it be possible to simply things
> even further with apr_strtok?
>
Yes. Done in r834006.
Re: svn commit: r833738 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_log_config.xml
modules/loggers/mod_log_config.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 11/07/2009 08:19 PM, sf@apache.org wrote:
> Author: sf
> Date: Sat Nov 7 19:19:10 2009
> New Revision: 833738
>
> URL: http://svn.apache.org/viewvc?rev=833738&view=rev
> Log:
> mod_log_config: Make ${cookie}C correctly match whole cookie names
> instead of substrings.
>
> PR: 28037
> Submitted by: Dan Franklin <dan dan-franklin.com>, Stefan Fritsch
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/mod_log_config.xml
> httpd/httpd/trunk/modules/loggers/mod_log_config.c
>
> Modified: httpd/httpd/trunk/modules/loggers/mod_log_config.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?rev=833738&r1=833737&r2=833738&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/loggers/mod_log_config.c (original)
> +++ httpd/httpd/trunk/modules/loggers/mod_log_config.c Sat Nov 7 19:19:10 2009
> @@ -497,19 +497,42 @@
> static const char *log_cookie(request_rec *r, char *a)
> {
> const char *cookies;
> - const char *start_cookie;
> +
> + /*
> + * This supports Netscape version 0 cookies while being tolerant to
> + * some properties of RFC2109/2965 version 1 cookies:
> + * - case-insensitive match of cookie names
> + * - white space around the '='
> + * It does not support the following version 1 features:
> + * - quoted strings as cookie values
> + * - commas to separate cookies
> + */
>
> if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
> - if ((start_cookie = ap_strstr_c(cookies,a))) {
> - char *cookie, *end_cookie;
> - start_cookie += strlen(a) + 1; /* cookie_name + '=' */
> - cookie = apr_pstrdup(r->pool, start_cookie);
> - /* kill everything in cookie after ';' */
> - end_cookie = strchr(cookie, ';');
> - if (end_cookie) {
> - *end_cookie = '\0';
> - }
> - return ap_escape_logitem(r->pool, cookie);
> + const char *cookie;
> + const char *cookie_end;
> + const char *cp;
> + int a_len = strlen(a);
> + /*
> + * Loop over semicolon-separated cookies.
> + */
> + for (cookie = cookies; *cookie != '\0'; cookie = cookie_end + strspn(cookie_end, "; \t")) {
> + /* Loop invariant: "cookie" always points to start of cookie name */
> +
> + /* Set cookie_end to ';' that ends this cookie, or '\0' at EOS */
> + cookie_end = cookie + strcspn(cookie, ";");
> +
> + cp = cookie + a_len;
> + if (cp >= cookie_end)
> + continue;
> + cp += strspn(cp, " \t");
> + if (*cp == '=' && !strncasecmp(cookie, a, a_len)) {
> + char *cookie_value;
> + cp++; /* Move past '=' */
> + cp += strspn(cp, " \t"); /* Move past WS */
> + cookie_value = apr_pstrmemdup(r->pool, cp, cookie_end - cp);
> + return ap_escape_logitem(r->pool, cookie_value);
> + }
Just a random thought: Wouldn't it be possible to simply things even further with apr_strtok?
Regards
RĂ¼diger