bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget expected behaviour on cookie mismatch


From: Ángel González
Subject: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Date: Tue, 12 Feb 2013 21:39:17 +0100
User-agent: Thunderbird

On 12/02/13 20:16, Darshit Shah wrote:
> Hi Tim,
> Thanks for your answer. I spent my day going through RFC 6265. And I'd like
> to clarify some things.
>
> >From what I read and understood, if the header does not domain-match, wget
> should ignore the cookie. AFAIK, wget does successfully ignore that cookie
> currently. However, I cannot understand the output of wget:
> "Cookie coming from localhost attempted to set domain to localhost"
> That is cookie->domain and host were a match and yet it failed the
> check_domain_match(cookie->domain, host)  call.
> Is this a bug? I'll attempt getting and reading a stacktrace for the same
> to get more information.
It doesn't make sense. It would pass on the strcasecmp (cookie_domain,
host) check.

Ok, it's a problem with quotearg_style()
If I remove the quotearg_style calls, it now says:
> Cookie coming from localhost attempted to set domain to example.com
Which is what would be expected from the test.

gnulib quotearg_style calls quotearg_n_options, whose comment say:
> The returned value points to static storage that can be
> reused by the next call to this function with the same value of N.
So it seems wget shouldn't be doing two calls to quotearg_style()

A simple solution would be to do:
> --- a/src/cookies.c
> +++ b/src/cookies.c
> @@ -687,8 +687,10 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
>        if (!check_domain_match (cookie->domain, host))
>          {
>            logprintf (LOG_NOTQUIET,
> -                     _("Cookie coming from %s attempted to set domain
> to %s\n"),
> -                     quotearg_style (escape_quoting_style, host),
> +                     _("Cookie coming from %s "),
> +                     quotearg_style (escape_quoting_style, host));
> +          logprintf (LOG_NOTQUIET,
> +                     _("attempted to set domain to %s\n"),
>                       quotearg_style (escape_quoting_style,
> cookie->domain));
>            xfree (cookie->domain);
>            goto copy_domain;
But I don't like it too much, as it will then puts the burden on (some)
translations.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]