httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Schaefer <...@sunstarsys.com>
Subject Re: cookies: %26 & &amp;
Date Wed, 10 Jan 2001 03:49:44 GMT

Here's the apache_cookie.c patch off the latest cvs
source.  Unless someone objects, I'll try committing
it in a few days.  It encoodes "&" and "=" characters
in cookie data values, modifying the argument string
in place (a good thing).

==================================================
--- httpd-apreq/c/apache_cookie.c	Thu Jan  4 19:05:23 2001
+++ test-apreq/c/apache_cookie.c	Tue Jan  9 22:35:18 2001
@@ -192,8 +192,40 @@
         cookie_push_arr(arr, ap_pstrcat(p, name, "=", val, NULL)); \
     }
 
-#define escape_url(val) \
-ap_os_escape_path(p, val?val:"", 1)
+char * escape_url(pool *p, char *val) 
+{
+  char *result = ap_os_escape_path(p, val?val:"", 1);
+  char *end = result + strlen(result);
+  char *seek;
+
+  for ( seek = end-1; seek >= result; --seek) {
+    char *ptr, *replacement;
+
+    switch (*seek) {
+
+    case '&':
+	replacement = "%26";
+	break;
+    case '=':
+	replacement = "%3d";
+	break;
+    /* additional cases here */
+
+    default:
+	continue; /* next for() */
+    }
+
+
+    for (ptr = end; ptr > seek; --ptr) {
+      ptr[2] = ptr[0];
+    }
+
+    strncpy(seek, replacement, 3);
+    end += 2;
+  }
+
+  return(result);
+}
 
 char *ApacheCookie_as_string(ApacheCookie *c)
 {
@@ -214,10 +246,10 @@
 	cookie_push_arr(values, "secure");
     }
 
-    cookie = ap_pstrcat(p, escape_url(c->name), "=", NULL);
+    cookie = ap_pstrcat(p, escape_url(p, c->name), "=", NULL);
     for (i=0; i<c->values->nelts; i++) {
 	cookie = ap_pstrcat(p, cookie, 
-			    escape_url(((char**)c->values->elts)[i]), 
+			    escape_url(p, ((char**)c->values->elts)[i]), 
 			    (i < (c->values->nelts-1) ? "&" : NULL),
 			    NULL);
     }
==================================================
-- 
Joe Schaefer

Mime
View raw message