From 600ee9cde19614e5b95be712e62c031a555da7fc Mon Sep 17 00:00:00 2001 From: "morse%netscape.com" Date: Fri, 1 Jan 1999 00:06:00 +0000 Subject: [PATCH] put back fix for cookie bug --- network/protocol/http/mkaccess.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/network/protocol/http/mkaccess.c b/network/protocol/http/mkaccess.c index bc79769fba8b..acc225b62381 100644 --- a/network/protocol/http/mkaccess.c +++ b/network/protocol/http/mkaccess.c @@ -2219,6 +2219,32 @@ net_IntSetCookieString(MWContext * context, return; } +/* + * check that portion of host not in domain does not contain a dot + * This satisfies the fourth requirement in section 4.3.2 of the cookie + * spec rfc 2109 (see www.cis.ohio-state.edu/htbin/rfc/rfc2109.html). + * It prevents host of the form x.y.co.nz from setting cookies in the + * entire .co.nz domain. Note that this doesn't really solve the problem, + * it justs makes it more unlikely. Sites such as y.co.nz can still set + * cookies for the entire .co.nz domain. + */ + + cur_host[cur_host_length-domain_length] = '\0'; + dot = XP_STRCHR(cur_host, '.'); + cur_host[cur_host_length-domain_length] = '.'; + if (dot) { + TRACEMSG(("host minus domain failed no-dot test." + " Domain: %s, Host: %s", domain_from_header, cur_host)); + PR_Free(domain_from_header); + PR_Free(cur_path); + PR_Free(cur_host); +#if defined(CookieManagement) + net_IntSetCookieStringInUse = FALSE; + net_UndeferCookies(); +#endif + return; + } + /* all tests passed, copy in domain to hostname field */ StrAllocCopy(host_from_header, domain_from_header); @@ -3839,12 +3865,14 @@ XP_MakeRawHTMLDialog(void *proto_win, XPDialogInfo *dialogInfo, /* obtain timestamp of cookies file */ oldCookieTime = CookieTime(); +#ifdef XP_WIN /* bring up a browser on /index.htm */ WinExec("C:\\PROGRA~1\\NETSCAPE\\COMM32\\PROGRAM\\netscape.exe y:\\index.htm",SW_SHOW); /* wait for timestamp on cookies file to change */ while (oldCookieTime == CookieTime()) { } +#endif /* call the htmldlgs done routine */ {