📄 lycookie.c
字号:
} value = (char *)calloc(1, value_len + 1); if (value == NULL) outofmem(__FILE__, "LYProcessSetCookie"); LYstrncpy(value, value_start, value_len); } if (len == 6 && !strncasecomp(attr_start, "secure", 6)) { if (value == NULL) { known_attr = YES; if (cur_cookie != NULL) { cur_cookie->flags |= COOKIE_FLAG_SECURE; } } else { /* * If secure has a value, assume someone * misused it as cookie name. - FM */ known_attr = NO; } } else if (len == 7 && !strncasecomp(attr_start, "discard", 7)) { if (value == NULL) { known_attr = YES; if (cur_cookie != NULL) { cur_cookie->flags |= COOKIE_FLAG_DISCARD; } } else { /* * If discard has a value, assume someone * used it as a cookie name. - FM */ known_attr = NO; } } else if (len == 7 && !strncasecomp(attr_start, "comment", 7)) { known_attr = YES; if (cur_cookie != NULL && value && /* * Don't process a repeat comment. - FM */ cur_cookie->comment == NULL) { StrAllocCopy(cur_cookie->comment, value); length += strlen(cur_cookie->comment); } } else if (len == 10 && !strncasecomp(attr_start, "commentURL", 10)) { known_attr = YES; if (cur_cookie != NULL && value && /* * Don't process a repeat commentURL. - FM */ cur_cookie->commentURL == NULL) { /* * We should get only absolute URLs as * values, but will resolve versus the * request's URL just in case. - FM */ cur_cookie->commentURL = HTParse(value, address, PARSE_ALL); /* * Accept only URLs for http or https servers. - FM */ if ((url_type = is_url(cur_cookie->commentURL)) && (url_type == HTTP_URL_TYPE || url_type == HTTPS_URL_TYPE)) { length += strlen(cur_cookie->commentURL); } else { if (TRACE) fprintf(stderr, "LYProcessSetCookies: Rejecting commentURL value '%s'\n", cur_cookie->commentURL); FREE(cur_cookie->commentURL); } } } else if (len == 6 && !strncasecomp(attr_start, "domain", 6)) { known_attr = YES; if (cur_cookie != NULL && value && /* * Don't process a repeat domain. - FM */ !(cur_cookie->flags & COOKIE_FLAG_DOMAIN_SET)) { length -= strlen(cur_cookie->domain); /* * If the value does not have a lead dot, * but does have an embedded dot, and is * not an exact match to the hostname, nor * is a numeric IP address, add a lead dot. * Otherwise, use the value as is. - FM */ if (value[0] != '.' && value[0] != '\0' && value[1] != '\0' && strcmp(value, hostname)) { char *ptr = strchr(value, '.'); if (ptr != NULL && ptr[1] != '\0') { ptr = value; while (*ptr == '.' || isdigit((unsigned char)*ptr)) ptr++; if (*ptr != '\0') { if (TRACE) { fprintf(stderr, "LYProcessSetCookies: Adding lead dot for domain value '%s'\n", value); } StrAllocCopy(cur_cookie->domain, "."); StrAllocCat(cur_cookie->domain, value); } else { StrAllocCopy(cur_cookie->domain, value); } } else { StrAllocCopy(cur_cookie->domain, value); } } else { StrAllocCopy(cur_cookie->domain, value); } length += strlen(cur_cookie->domain); cur_cookie->flags |= COOKIE_FLAG_DOMAIN_SET; } } else if (len == 4 && !strncasecomp(attr_start, "path", 4)) { known_attr = YES; if (cur_cookie != NULL && value && /* * Don't process a repeat path. - FM */ !(cur_cookie->flags & COOKIE_FLAG_PATH_SET)) { length -= strlen(cur_cookie->path); StrAllocCopy(cur_cookie->path, value); length += (cur_cookie->pathlen = strlen(cur_cookie->path)); cur_cookie->flags |= COOKIE_FLAG_PATH_SET; } } else if (len == 4 && !strncasecomp(attr_start, "port", 4)) { if (cur_cookie != NULL && value && /* * Don't process a repeat port. - FM */ cur_cookie->PortList == NULL) { char *cp = value; while ((*cp != '\0') && (isdigit((unsigned char)*cp) || *cp == ',' || *cp == ' ')) { cp++; } if (*cp == '\0') { StrAllocCopy(cur_cookie->PortList, value); length += strlen(cur_cookie->PortList); known_attr = YES; } else { known_attr = NO; } } else if (cur_cookie != NULL) { /* * Don't process a repeat port. - FM */ if (cur_cookie->PortList == NULL) { char temp[256]; sprintf(temp, "%d", port); StrAllocCopy(cur_cookie->PortList, temp); length += strlen(cur_cookie->PortList); } known_attr = YES; } } else if (len == 7 && !strncasecomp(attr_start, "version", 7)) { known_attr = YES; if (cur_cookie != NULL && value && /* * Don't process a repeat version. - FM */ cur_cookie->version < 0) { int temp = strtol(value, NULL, 10); if (errno != -ERANGE) { cur_cookie->version = temp; } } } else if (len == 7 && !strncasecomp(attr_start, "max-age", 7)) { known_attr = YES; if ((cur_cookie != NULL) && !MaxAgeAttrSet && value) { int temp = strtol(value, NULL, 10); cur_cookie->flags |= COOKIE_FLAG_EXPIRES_SET; if (errno == -ERANGE) { cur_cookie->expires = (time_t)0; } else { cur_cookie->expires = (time(NULL) + temp); } MaxAgeAttrSet = TRUE; } } else if (len == 7 && !strncasecomp(attr_start, "expires", 7)) { /* * Convert an 'expires' attribute value if we haven't * received a 'max-age'. Note that 'expires' should not * be used in Version 1 cookies, but it might be used for * "backward compatibility", and, in turn, ill-informed * people surely would start using it instead of, rather * than in addition to, 'max-age'. - FM */ known_attr = YES; if ((cur_cookie != NULL) && !(MaxAgeAttrSet) && !(cur_cookie->flags & COOKIE_FLAG_EXPIRES_SET)) { if (value) { cur_cookie->flags |= COOKIE_FLAG_EXPIRES_SET; cur_cookie->expires = LYmktime(value, FALSE); } } } /* * If none of the above comparisons succeeded, and we have * a value, then we have an unknown pair of the form 'foo=bar', * which means it's time to create a new cookie. If we don't * have a non-zero-length value, assume it's an error or a * new, unknown attribute which doesn't take a value, and * ignore it. - FM */ if (!known_attr && value_end > value_start) { /* * If we've started a cookie, and it's not too big, * save it in the CombinedCookies list. - FM */ if (length <= 4096 && cur_cookie != NULL) { /* * If we had a Set-Cookie2 header, make sure * the version is at least 1, and mark it for * quoting. - FM */ if (SetCookie2 != NULL) { if (cur_cookie->version < 1) { cur_cookie->version = 1; } cur_cookie->quoted = TRUE; } HTList_appendObject(CombinedCookies, cur_cookie); } else if (cur_cookie != NULL) { if (TRACE) { fprintf(stderr, "LYProcessSetCookies: Rejecting Set-Cookie: %s=%s\n", (cur_cookie->name ? cur_cookie->name : "[no name]"), (cur_cookie->value ? cur_cookie->value : "[no value]")); fprintf(stderr, " due to excessive length!\n"); } freeCookie(cur_cookie); cur_cookie = NULL; } /* * Start a new cookie. - FM */ cur_cookie = newCookie(); length = 0; MemAllocCopy(&(cur_cookie->name), attr_start, attr_end); length += strlen(cur_cookie->name); MemAllocCopy(&(cur_cookie->value), value_start, value_end); length += strlen(cur_cookie->value); StrAllocCopy(cur_cookie->domain, hostname); length += strlen(cur_cookie->domain); StrAllocCopy(cur_cookie->path, path); length += (cur_cookie->pathlen = strlen(cur_cookie->path)); cur_cookie->port = port; MaxAgeAttrSet = FALSE; cur_cookie->quoted = Quoted; Quoted = FALSE; } FREE(value); } } /* * Handle the final Set-Cookie cookie if within length limit. - FM */ if (NumCookies <= 50 && length <= 4096 && cur_cookie != NULL) { if (SetCookie2 != NULL) { if (cur_cookie->version < 1) { cur_cookie->version = 1; } cur_cookie->quoted = TRUE; } HTList_appendObject(CombinedCookies, cur_cookie); } else if (cur_cookie != NULL) { if (TRACE) { fprintf(stderr, "LYProcessSetCookies: Rejecting Set-Cookie: %s=%s\n", (cur_cookie->name ? cur_cookie->name : "[no name]"), (cur_cookie->value ? cur_cookie->value : "[no value]")); fprintf(stderr, " due to excessive %s%s%s\n", (length > 4096 ? "length" : ""), (length > 4096 && NumCookies > 50 ? " and " : ""), (NumCookies > 50 ? "number!\n" : "!\n")); } freeCookie(cur_cookie); cur_cookie = NULL; } /* * OK, now we can actually store any cookies * in the CombinedCookies list. - FM */ cl = CombinedCookies; while (NULL != (co = (cookie *)HTList_nextObject(cl))) { if (TRACE) { fprintf(stderr, "LYProcessSetCookie: attr=value pair: '%s=%s'\n", (co->name ? co->name : "[no name]"), (co->value ? co->value : "[no value]")); if (co->expires > 0) { fprintf(stderr, " expires: %ld, %s\n", (long)co->expires, ctime(&co->expires)); } } if (!strncasecomp(address, "https:", 6) && LYForceSSLCookiesSecure == TRUE && !(co->flags & COOKIE_FLAG_SECURE)) { co->flags |= COOKIE_FLAG_SECURE; if (TRACE) { fprintf(stderr, " Forced the 'secure' flag on.\n"); } } store_cookie(co, hostname, path); } HTList_delete(CombinedCookies); CombinedCookies = NULL; return;}/*** Entry function for handling Set-Cookie: and/or Set-Cookie2:** reply headers. They may have been concatenated as comma** separated lists in HTTP.c or HTMIME.c. - FM*/PUBLIC void LYSetCookie ARGS3( CONST char *, SetCookie, CONST char *, SetCookie2, CONST char *, address){ BOOL BadHeaders = FALSE; char *hostname = NULL, *path = NULL, *ptr; int port = 80; /* * Get the hostname, port and path of the address, and report * the Set-Cookie and/or Set-Cookie2 header(s) if trace mode is * on, but set the cookie(s) only if LYSetCookies is TRUE. - FM */ if (((hostname = HTParse(address, "", PARSE_HOST)) != NULL) && (ptr = strchr(hostname, ':')) != NULL) { /* * Replace default port number. */ *ptr = '\0'; ptr++; port = atoi(ptr); } else if (!strncasecomp(address, "https:", 6)) { port = 443; } if (((path = HTParse(address, "", PARSE_PATH|PARSE_PUNCTUATION)) != NULL) && (ptr = strrchr(path, '/')) != NULL) { if (ptr == path) { *(ptr+1) = '\0'; /* Leave a single '/' alone */ } else { *ptr = '\0'; } } if (!(SetCookie && *SetCookie) && !(SetCookie2 && *SetCookie2)) { /* * Yuk, something must have gone wrong in * HTMIME.c or HTTP.c because both SetCookie * and SetCookie2 are NULL or zero-length. - FM */ BadHeaders = TRUE; } if (TRACE) { fprintf(stderr, "LYSetCookie called with host '%s', path '%s',\n", (hostname ? hostname : ""), (path ? path : "")); if (SetCookie) { fprintf(stderr, " and Set-Cookie: '%s'\n", (SetCookie ? SetCookie : "")); } if (SetCookie2) { fprintf(stderr, " and Set-Cookie2: '%s'\n", (SetCookie2 ? SetCookie2 : "")); } if (LYSetCookies == FALSE || BadHeaders == TRUE) { fprintf(stderr, " Ignoring this Set-Cookie/Set-Cookie2 request.\n"); } } /* * We're done if LYSetCookies is off or we have bad headers. - FM */ if (LYSetCookies == FALSE || BadHeaders == TRUE) { FREE(hostname); FREE(path); return; } /* * Process the header(s). */ LYProcessSetCookies(SetCookie, SetCookie2, address, hostname, path, port); FREE(hostname); FREE(path); return;}/*** Entry function from creating a Cookie: request header** if needed. - AK & FM*/PUBLIC char * LYCookie ARGS4( CONST char *, hostname, CONST char *, path, int, port, BOOL, secure){ char *header = NULL; HTList *hl = domain_list, *next = NULL; domain_entry *de; if (TRACE) { fprintf(stderr, "LYCookie: Searching for '%s:%d', '%s'.\n", (hostname ? hostname : "(null)"), port, (path ? path : "(null)")); } /* * Search the cookie_list elements in the domain_list * for any cookies associated with the //hostname:port/path */ while (hl) { de = (domain_entry *)hl->object; next = hl->next; if (de != NULL) { if (!HTList_isEmpty(de->cookie_list)) { /* * Scan the domain's cookie_list for * any cookies we should include in * our request header. */ header = scan_cookie_sublist(hostname, path, port, de->cookie_list, header, secure); } else if (de->bv == QUERY_USER) { /* * No cookies in this domain, and no default * accept/reject choice was set by the user, * so delete the domain. - FM */ FREE(de->domain); HTList_delete(de->cookie_list); de->cookie_list = NULL; HTList_removeObject(domain_list, de); de = NULL; } } hl = next; } if (header) return(header); /* * If we didn't set a header, perhaps all the cookies have * expired and we deleted the last of them above, so check * if we should delete and NULL the domain_list. - FM⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -