Bug 610218 - Quotes in "path" for Set-Cookie are taken literally; r=dwitte
authorAdam Barth <abarth-mozilla@adambarth.com>
Thu, 14 Apr 2011 15:58:42 -0400
changeset 68420 283a54188c6c5546b5cefcd157e519d7ee2275d7
parent 68419 53339e6932c32565e700bc0eb675d133c18cc265
child 68421 4af1022fca8374d88a8eab540cce7e60e6eb28e6
push id76
push userbzbarsky@mozilla.com
push dateTue, 05 Jul 2011 17:00:57 +0000
treeherdermozilla-beta@d3a2732c35f1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdwitte
bugs610218
milestone6.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 610218 - Quotes in "path" for Set-Cookie are taken literally; r=dwitte
netwerk/cookie/nsCookieService.cpp
netwerk/test/TestCookie.cpp
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3191,17 +3191,17 @@ nsCookieService::CheckDomain(nsCookieAtt
   return PR_TRUE;
 }
 
 PRBool
 nsCookieService::CheckPath(nsCookieAttributes &aCookieAttributes,
                            nsIURI             *aHostURI)
 {
   // if a path is given, check the host has permission
-  if (aCookieAttributes.path.IsEmpty()) {
+  if (aCookieAttributes.path.IsEmpty() || aCookieAttributes.path.First() != '/') {
     // strip down everything after the last slash to get the path,
     // ignoring slashes in the query string part.
     // if we can QI to nsIURL, that'll take care of the query string portion.
     // otherwise, it's not an nsIURL and can't have a query string, so just find the last slash.
     nsCOMPtr<nsIURL> hostURL = do_QueryInterface(aHostURI);
     if (hostURL) {
       hostURL->GetDirectory(aCookieAttributes.path);
     } else {
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -367,17 +367,24 @@ main(PRInt32 argc, char *argv[])
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=..domain.com", nsnull);
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[12] = CheckResult(cookie.get(), MUST_BE_NULL);
 
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=..domain.com.", nsnull);
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[13] = CheckResult(cookie.get(), MUST_BE_NULL);
 
-      allTestsPassed = PrintResult(rv, 14) && allTestsPassed;
+      SetACookie(cookieService, "http://path.net/path/file", nsnull, "test=taco; path=\"/bogus\"", nsnull);
+      GetACookie(cookieService, "http://path.net/path/file", nsnull, getter_Copies(cookie));
+      rv[14] = CheckResult(cookie.get(), MUST_EQUAL, "test=taco");
+      SetACookie(cookieService, "http://path.net/path/file", nsnull, "test=taco; max-age=-1", nsnull);
+      GetACookie(cookieService, "http://path.net/path/file", nsnull, getter_Copies(cookie));
+      rv[15] = CheckResult(cookie.get(), MUST_BE_NULL);
+
+      allTestsPassed = PrintResult(rv, 16) && allTestsPassed;
 
 
       // *** path tests
       sBuffer = PR_sprintf_append(sBuffer, "*** Beginning path tests...\n");
 
       // test some variations of the domain & path, for different paths of
       // a path cookie
       SetACookie(cookieService, "http://path.net/path/file", nsnull, "test=path; path=/path", nsnull);