diff options
| author | Lars Ingebrigtsen <larsi@gnus.org> | 2015-12-25 06:33:25 +0100 |
|---|---|---|
| committer | Lars Ingebrigtsen <larsi@gnus.org> | 2015-12-25 17:03:53 +0100 |
| commit | eeff251924352164b6bac84783860943b4d21662 (patch) | |
| tree | 3042376041f84a0c877dc7fe1e3bb963cc8a7d50 /lisp/url | |
| parent | 5b2401d38f52ca03c8b43cdfdf5a32ca73f10178 (diff) | |
| download | emacs-eeff251924352164b6bac84783860943b4d21662.tar.gz | |
Don't store cookies with empty names
* lisp/url/url-cookie.el (url-cookie-store): Refuse to store
cookies with empty names (bug#21936).
Backport:
(cherry picked from commit 9f0fd7cb1aec3eb9e2e0f7b8854c30870286d96c)
Diffstat (limited to 'lisp/url')
| -rw-r--r-- | lisp/url/url-cookie.el | 71 |
1 files changed, 36 insertions, 35 deletions
diff --git a/lisp/url/url-cookie.el b/lisp/url/url-cookie.el index df9cf621037..1f8ddfdb109 100644 --- a/lisp/url/url-cookie.el +++ b/lisp/url/url-cookie.el @@ -119,41 +119,42 @@ telling Microsoft that." (defun url-cookie-store (name value &optional expires domain localpart secure) "Store a cookie." - (let ((storage (if secure url-cookie-secure-storage url-cookie-storage)) - tmp found-domain) - ;; First, look for a matching domain. - (if (setq found-domain (assoc domain storage)) - ;; Need to either stick the new cookie in existing domain storage - ;; or possibly replace an existing cookie if the names match. - (unless (dolist (cur (setq storage (cdr found-domain)) tmp) - (and (equal localpart (url-cookie-localpart cur)) - (equal name (url-cookie-name cur)) - (progn - (setf (url-cookie-expires cur) expires) - (setf (url-cookie-value cur) value) - (setq tmp t)))) - ;; New cookie. - (setcdr found-domain (cons - (url-cookie-create :name name - :value value - :expires expires - :domain domain - :localpart localpart - :secure secure) - (cdr found-domain)))) - ;; Need to add a new top-level domain. - (setq tmp (url-cookie-create :name name - :value value - :expires expires - :domain domain - :localpart localpart - :secure secure)) - (cond (storage - (setcdr storage (cons (list domain tmp) (cdr storage)))) - (secure - (setq url-cookie-secure-storage (list (list domain tmp)))) - (t - (setq url-cookie-storage (list (list domain tmp)))))))) + (when (> (length name) 0) + (let ((storage (if secure url-cookie-secure-storage url-cookie-storage)) + tmp found-domain) + ;; First, look for a matching domain. + (if (setq found-domain (assoc domain storage)) + ;; Need to either stick the new cookie in existing domain storage + ;; or possibly replace an existing cookie if the names match. + (unless (dolist (cur (setq storage (cdr found-domain)) tmp) + (and (equal localpart (url-cookie-localpart cur)) + (equal name (url-cookie-name cur)) + (progn + (setf (url-cookie-expires cur) expires) + (setf (url-cookie-value cur) value) + (setq tmp t)))) + ;; New cookie. + (setcdr found-domain (cons + (url-cookie-create :name name + :value value + :expires expires + :domain domain + :localpart localpart + :secure secure) + (cdr found-domain)))) + ;; Need to add a new top-level domain. + (setq tmp (url-cookie-create :name name + :value value + :expires expires + :domain domain + :localpart localpart + :secure secure)) + (cond (storage + (setcdr storage (cons (list domain tmp) (cdr storage)))) + (secure + (setq url-cookie-secure-storage (list (list domain tmp)))) + (t + (setq url-cookie-storage (list (list domain tmp))))))))) (defun url-cookie-expired-p (cookie) "Return non-nil if COOKIE is expired." |