JUANMARCOSMOREN wrote:
Aleksandr Guidrevitch wrote:
We've found that LWP incorrectly handles cookies
containing ';' in the cookie value.
The patch (test case and fix) is attached
Could you point me to a web page that is already sending these kind of cookies?
Does it work under MSIE/Mozilla?
Nope, it is our internal project, not available to outer world. Both we know that neither mozilla nor msie correctly handle such cookies :((
According RFC in **quoted** string you can put almost anything.
See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for defenition of cookie:
av-pairs = av-pair *(";" av-pair)
av-pair = attr ["=" value] ; optional value
attr = token
value = word
word = token | quoted-stringSee http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for defenition of quoted-string:
A string of text is parsed as a single word if it is quoted using double-quote marks.
quoted-string = ( <"> *(qdtext) <"> )
qdtext = <any TEXT except <">>
The backslash character ("\") may be used as a single-character quoting mechanism
only within quoted-string and comment constructs.
quoted-pair = "\" CHARSo, since the patch doesn't break original libwww behaviour (according to the test suite)
and provides more proper implementation of rfc, it looked to me as a good candidate
for inclusion into libwww.
Sincerely, Aleksandr Guidrevitch
