lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Cookie bug in lynx2.8.5dev.2

From: Doug Kaufman
Subject: lynx-dev Cookie bug in lynx2.8.5dev.2
Date: Sun, 21 Oct 2001 21:51:38 -0700 (PDT) 
There seems to be a bug in cookie handling in the current version of
lynx which was not present in older versions. A user on the BLIND-L
mailing list was unable to access a site because of the change in
cookie function. The current version of lynx is keeping full paths for
cookies, while in the past, the path past the last "/" was discarded.
I am not sure why the change was made, but it breaks at least one
site. The following are copies of the Cookie jars with the new and old
code. Only the old code works on this site.
New:

                   Lynx (2.8.5dev.2), help on Cookie Jar

     NOTE: Activate links to gobble up cookies or entire domains, or to
     change a domain's 'allow' setting.

   boss.ualr.edu
          Domain=boss.ualr.edu (Cookies allowed via prompt.)
          TESTID=set
          Path=/prod/plsql/twgkwbis.P_WWWLogin
          Port: 80 Secure: NO Discard: NO
          Maximum Gobble Date: (End of session.)
          TESTID=set
          Path=/prod/plsql/twgkwbis.P_ValLogin
          Port: 80 Secure: NO Discard: NO
          Maximum Gobble Date: (End of session.)
          SESSID=Vk5JVkJL
          Path=/prod/plsql/twgkwbis.P_ValLogin
          Port: 80 Secure: NO Discard: NO
          Maximum Gobble Date: (End of session.)

Old:

                   Lynx (2.8.5dev.2), help on Cookie Jar

     NOTE: Activate links to gobble up cookies or entire domains, or to
     change a domain's 'allow' setting.

   boss.ualr.edu
          Domain=boss.ualr.edu (Cookies allowed via prompt.)
          TESTID=set
          Path=/prod/plsql
          Port: 80 Secure: NO Discard: NO
          Maximum Gobble Date: (End of session.)
          SESSID=TkI4MUI0
          Path=/prod/plsql
          Port: 80 Secure: NO Discard: NO
          Maximum Gobble Date: (End of session.)


Reverting to the old code by this patch makes lynx work with this
site. Does this change break something else? Why was the change from
the old code made?
                            Doug

--- lynx2.8.5dev.2/lynx2-8-5/src/LYCookie.c.ori Wed Aug 15 14:09:52 2001
+++ lynx2.8.5dev.2/lynx2-8-5/src/LYCookie.c     Sun Oct 21 20:29:24 2001
@@ -1932,7 +1932,15 @@
     } else if (!strncasecomp(address, "https:", 6)) {
        port = 443;
     }
-    path = HTParse(address, "", PARSE_PATH|PARSE_PUNCTUATION);
+    if (((path = HTParse(address, "",
+                        PARSE_PATH|PARSE_PUNCTUATION)) != NULL) &&
+       (ptr = strrchr(path, '/')) != NULL) {
+       if (ptr == path) {
+           *(ptr+1) = '\0';    /* Leave a single '/' alone */
+       } else {
+           *ptr = '\0';
+       }
+    }
     if (!(SetCookie && *SetCookie) &&
        !(SetCookie2 && *SetCookie2)) {
        /*



__ 
Doug Kaufman
Internet: address@hidden


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]