diff options
| author | Tom Burdick <[email protected]> | 2012-04-16 19:58:52 -0500 |
|---|---|---|
| committer | Tom Burdick <[email protected]> | 2012-05-14 08:41:36 -0500 |
| commit | 7ffd3247993ea1ef9a065be15998a723dbea8126 (patch) | |
| tree | 58c7a815691e2b1aaca95247ef84482402cb5b3a | |
| parent | 4f78be6da615384d092093ef128535f00146e6f7 (diff) | |
| download | cowboy-7ffd3247993ea1ef9a065be15998a723dbea8126.tar.gz cowboy-7ffd3247993ea1ef9a065be15998a723dbea8126.tar.bz2 cowboy-7ffd3247993ea1ef9a065be15998a723dbea8126.zip | |
Only ignore slashes in cookie values for the path
* Ensures cookie encoding errors are caught earlier
* Fix separator misspelling
| -rw-r--r-- | src/cowboy_cookies.erl | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/src/cowboy_cookies.erl b/src/cowboy_cookies.erl index 6818a86..5ab27e2 100644 --- a/src/cowboy_cookies.erl +++ b/src/cowboy_cookies.erl @@ -96,7 +96,7 @@ cookie(Key, Value, Options) when is_binary(Key) undefined -> <<"">>; Path -> - <<"; Path=", (quote(Path))/binary>> + <<"; Path=", (quote(Path, true))/binary>> end, HttpOnlyPart = case proplists:get_value(http_only, Options) of @@ -119,7 +119,7 @@ is_whitespace($\r) -> true; is_whitespace($\n) -> true; is_whitespace(_) -> false. -%% @doc Check if a character is a seperator. +%% @doc Check if a character is a separator. -spec is_separator(char()) -> boolean(). is_separator(C) when C < 32 -> true; is_separator($\s) -> true; @@ -143,34 +143,39 @@ is_separator(${) -> true; is_separator($}) -> true; is_separator(_) -> false. -%% @doc Check if a binary has an ASCII seperator character. --spec has_seperator(binary()) -> boolean(). -has_seperator(<<>>) -> +%% @doc Check if a binary has an ASCII separator character. +-spec has_separator(binary(), boolean()) -> boolean(). +has_separator(<<>>, _) -> false; -has_seperator(<<$/, Rest/binary>>) -> - has_seperator(Rest); -has_seperator(<<C, Rest/binary>>) -> +has_separator(<<$/, Rest/binary>>, true) -> + has_separator(Rest, true); +has_separator(<<C, Rest/binary>>, IgnoreSlash) -> case is_separator(C) of true -> true; false -> - has_seperator(Rest) + has_separator(Rest, IgnoreSlash) end. %% @doc Convert to a binary and raise an error if quoting is required. Quoting %% is broken in different ways for different browsers. Its better to simply %% avoiding doing it at all. %% @end --spec quote(term()) -> binary(). -quote(V0) -> +-spec quote(term(), boolean()) -> binary(). +quote(V0, IgnoreSlash) -> V = any_to_binary(V0), - case has_seperator(V) of + case has_separator(V, IgnoreSlash) of true -> erlang:error({cookie_quoting_required, V}); false -> V end. +%% @equiv quote(Bin, false) +-spec quote(term()) -> binary(). +quote(V0) -> + quote(V0, false). + -spec add_seconds(integer(), calendar:datetime()) -> calendar:datetime(). add_seconds(Secs, LocalTime) -> Greg = calendar:datetime_to_gregorian_seconds(LocalTime), @@ -265,7 +270,7 @@ binary_splitwith(F, Head, Tail) -> binary_splitwith(F, String) -> binary_splitwith(F, <<>>, String). -%% @doc Split the binary when the next seperator is found. +%% @doc Split the binary when the next separator is found. -spec read_token(binary()) -> {binary(), binary()}. read_token(String) -> binary_splitwith(fun is_separator/1, String). @@ -301,6 +306,9 @@ quote_test() -> catch error:{cookie_quoting_required, <<":wq">>} -> ok end, ?assertEqual(<<"foo">>,quote(foo)), + _ = try quote(<<"/test/slashes/">>) + catch error:{cookie_quoting_required, <<"/test/slashes/">>} -> ok + end, ok. parse_cookie_test() -> |