Hi Juan,


Aleksandr Guidrevitch wrote:

We've found that LWP incorrectly handles cookies
containing ';' in the cookie value.
The patch (test case and fix) is attached

Could you point me to a web page that is already sending these kind of cookies?
Does it work under MSIE/Mozilla?

Nope, it is our internal project, not available to outer world.
Both we know that neither mozilla nor msie correctly handle such cookies :((

According RFC in **quoted** string you can put almost anything.
See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for defenition of cookie:

  av-pairs        =       av-pair *(";" av-pair)
  av-pair         =       attr ["=" value]        ; optional value
  attr            =       token
  value           =       word
  word            =       token | quoted-string

See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for defenition of quoted-string:

A string of text is parsed as a single word if it is quoted using double-quote marks.
         quoted-string  = ( <"> *(qdtext) <"> )
         qdtext         = <any TEXT except <">>
   The backslash character ("\") may be used as a single-character quoting mechanism 
only within quoted-string and comment constructs.
         quoted-pair    = "\" CHAR

So, since the patch doesn't break original libwww behaviour (according to the test suite)
and provides more proper implementation of rfc, it looked to me as a good candidate
for inclusion into libwww.

Aleksandr Guidrevitch

Reply via email to