Changeset 14914 in project


Ignore:
Timestamp:
06/06/09 17:42:01 (11 years ago)
Author:
sjamaan
Message:

Add support for broken cookie expiry values

Location:
release/4/intarweb/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • release/4/intarweb/trunk/header-parsers.scm

    r14912 r14914  
    370370  (string-search (regexp "^[^=\"]+=[^;]*;.*expires[[:space:]]*=" #f) cookie))
    371371
     372;; We're using http-date-subparser for 'expires' instead of rfc850-subparser
     373;; (which would be the correct thing to do) because several well-known web
     374;; server software packages (tested: PHP and Rails) get it wrong.  So we
     375;; will go by the robustness principle and allow any kind of HTTP date.
    372376(define set-cookie-parser
    373   (let ((param-subparsers `((expires . ,rfc850-subparser)
     377  (let ((param-subparsers `((expires . ,http-date-subparser)
    374378                            (max-age . ,string->number)
    375379                            (version . ,string->number))))
  • release/4/intarweb/trunk/tests/run.scm

    r14836 r14914  
    322322            "/"
    323323            (get-param 'path
    324                        (first (header-contents 'set-cookie headers))))))
     324                       (first (header-contents 'set-cookie headers)))))
     325    (let* ((headers (test-read-headers "Set-Cookie: foo=; expires=Sun, 20 Jul 2008 15:23:42 GMT; secure; path = / ")))
     326      (test "Noncompliant syntax cookie expiry value"
     327            (utc-time->seconds '#(42 23 15 20 6 108 0 309 #f 0))
     328            (utc-time->seconds
     329             (get-param 'expires
     330                        (first (header-contents 'set-cookie headers)))))))
    325331 
    326332  (test-group "Cookie-parser"
Note: See TracChangeset for help on using the changeset viewer.