| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
I was under the impression that the brackets were part of the host syntax,
but a_Url_hostname() shows that they are part of the _authority_ and are
stripped out when making the hostname.
|
|
Basically, I and i are different letters in Turkic languages, and this
causes problems for str(n)casecmp and toupper/tolower in these locales
when dillo is dealing with ASCII.
|
|
|
|
What an awful situation it is in general.
|
|
Huge cookies confuse the code that reads them back in. I suppose there's
always the possibility of getting a cookies.txt from something else, or
a manually-edited one, but...
Incidentally, the RFC thinks user agents should allow 4096 bytes for
name+value+attributes, which we must be within, say, 50 bytes of.
|
|
I was going to say something in the comments about simplicity and not
implementing every little bit of the rfc when we don't know of cookies
that make it necessary, but then I suppose that's all implied with dillo.
|
|
|
|
|
|
|
|
|
|
Behaviour should be quite similar to before, but it'll be easier for
someone else to understand if it matches the spec's way of doing things
more closely.
|
|
I did check that tm.tm_sec was 0 before adding the max time to it,
so that wasn't the problem. (max - 1000) was fine...
Surely safer in general to do like this anyway, so I didn't spend time
really digging into details this time.
|
|
Nothing wrong with it in principle, but...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Apparently, that's how you're supposed to do things. It's clumsy, but oh well.
|
|
|
|
...as Johannes pointed out.
(This patch in itself is not meant to fix the time_t overflow problem.)
|
|
|
|
|
|
|
|
|
|
|
|
sourceforge sends cookies this way.
It seems that quotes around values are generally to be ignored, i.e.,
not stripped or anything, but I asked the draft spec author about this
case, and he reports that he has fixed his algorithm to allow leading and
trailing delimiters around cookie-date.
If I/someone eventually does make the timestamp code follow the algorithm more
closely, the stripping would no longer need to be done here. As for whether
we'd want to continue to use that code for the stricter server_date that
we get from the HTTP Date header, I'm not sure at the moment. I've already
added one case to it that wouldn't be legal for the header, though...
|
|
And don't leak nodes.
I never saw any crashing -- and the problem was already in the code before
I got to it -- but I was alerted to the matter when puzzling over why
there was another round of searching for domain_cookies near the bottom of
Cookies_add_cookie.
|
|
|
|
The code was already such that, even if we accepted 123.45 as a domain for
host 1.2.123.45, it wouldn't be sent back to anyone. But it would be easy
to make some small change later that would break that, so...
|
|
|
|
|
|
|
|
Jeremy pointed out
http://lists.auriga.wearlab.de/pipermail/dillo-dev/2010-January/007144.html
that time_t could in principle be a floating type.
The cookies dpi assumes that it is an integer type.
|
|
|
|
|
