Aleksandr Guidrevitch wrote:
We've found that LWP incorrectly handles cookies
containing ';' in the cookie value.
The patch (test case and fix) is attached
Could you point me to a web page that is already sending these kind of cookies?
Does it work under MSIE/Mozilla?
Nope, it is our internal project, not available to outer world. Both we know that neither mozilla nor msie correctly handle such cookies :((
According RFC in **quoted** string you can put almost anything.
See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for defenition of cookie:
av-pairs = av-pair *(";" av-pair) av-pair = attr ["=" value] ; optional value attr = token value = word word = token | quoted-string
See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for defenition of quoted-string:
A string of text is parsed as a single word if it is quoted using double-quote marks. quoted-string = ( <"> *(qdtext) <"> ) qdtext = <any TEXT except <">> The backslash character ("\") may be used as a single-character quoting mechanism only within quoted-string and comment constructs. quoted-pair = "\" CHAR
So, since the patch doesn't break original libwww behaviour (according to the test suite)
and provides more proper implementation of rfc, it looked to me as a good candidate
for inclusion into libwww.
Sincerely, Aleksandr Guidrevitch