diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 22:54:41 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 22:54:41 +0000 |
commit | 244bdba776495c6a8ca4764d5d61eccf4e494e35 (patch) | |
tree | 81a311a018b720b72169069b7883669e4102ef8b /main/http.c | |
parent | f7fd994000ed9c1ec0af70f6287eb08cd1017786 (diff) |
Merged revisions 114601 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r114601 | russell | 2008-04-23 17:53:20 -0500 (Wed, 23 Apr 2008) | 14 lines
Merged revisions 114600 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r114600 | russell | 2008-04-23 17:18:12 -0500 (Wed, 23 Apr 2008) | 6 lines
Improve some broken cookie parsing code. Previously, manager login over HTTP
would only work if the mansession_id cookie was first. Now, the code builds
a list of all of the cookies in the Cookie header. This fixes a problem
observed by users of the Asterisk GUI.
(closes AST-20)
........
................
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@114602 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/http.c')
-rw-r--r-- | main/http.c | 85 |
1 files changed, 42 insertions, 43 deletions
diff --git a/main/http.c b/main/http.c index 806b3447e..edcbf386f 100644 --- a/main/http.c +++ b/main/http.c @@ -699,12 +699,49 @@ static int ssl_close(void *cookie) }*/ #endif /* DO_SSL */ +static struct ast_variable *parse_cookies(char *cookies) +{ + char *cur; + struct ast_variable *vars = NULL, *var; + + /* Skip Cookie: */ + cookies += 8; + + while ((cur = strsep(&cookies, ";"))) { + char *name, *val; + + name = val = cur; + strsep(&val, "="); + + if (ast_strlen_zero(name) || ast_strlen_zero(val)) { + continue; + } + + name = ast_strip(name); + val = ast_strip_quoted(val, "\"", "\""); + + if (ast_strlen_zero(name) || ast_strlen_zero(val)) { + continue; + } + + if (option_debug) { + ast_log(LOG_DEBUG, "mmm ... cookie! Name: '%s' Value: '%s'\n", name, val); + } + + var = ast_variable_new(name, val, __FILE__); + var->next = vars; + vars = var; + } + + return vars; +} + static void *httpd_helper_thread(void *data) { char buf[4096]; char cookie[4096]; struct ast_tcptls_session_instance *ser = data; - struct ast_variable *var, *prev=NULL, *vars=NULL, *headers = NULL; + struct ast_variable *vars=NULL, *headers = NULL; char *uri, *title=NULL; int status = 200, contentlength = 0; struct ast_str *out = NULL; @@ -727,15 +764,13 @@ static void *httpd_helper_thread(void *data) /* process "Cookie: " lines */ while (fgets(cookie, sizeof(cookie), ser->f)) { - char *vname, *vval; - int l; - /* Trim trailing characters */ ast_trim_blanks(cookie); if (ast_strlen_zero(cookie)) break; if (strncasecmp(cookie, "Cookie: ", 8)) { char *name, *value; + struct ast_variable *var; value = ast_strdupa(cookie); name = strsep(&value, ":"); @@ -752,46 +787,10 @@ static void *httpd_helper_thread(void *data) continue; } - /* TODO - The cookie parsing code below seems to work - in IE6 and FireFox 1.5. However, it is not entirely - correct, and therefore may not work in all - circumstances. - For more details see RFC 2109 and RFC 2965 */ - - /* FireFox cookie strings look like: - Cookie: mansession_id="********" - InternetExplorer's look like: - Cookie: $Version="1"; mansession_id="********" */ - - /* If we got a FireFox cookie string, the name's right - after "Cookie: " */ - vname = ast_skip_blanks(cookie + 8); - - /* If we got an IE cookie string, we need to skip to - past the version to get to the name */ - if (*vname == '$') { - strsep(&vname, ";"); - if (!vname) /* no name ? */ - continue; - vname = ast_skip_blanks(vname); - } - vval = strchr(vname, '='); - if (!vval) - continue; - /* Ditch the = and the quotes */ - *vval++ = '\0'; - if (*vval) - vval++; - if ( (l = strlen(vval)) ) - vval[l - 1] = '\0'; /* trim trailing quote */ - var = ast_variable_new(vname, vval, ""); - if (var) { - if (prev) - prev->next = var; - else - vars = var; - prev = var; + if (vars) { + ast_variables_destroy(vars); } + vars = parse_cookies(cookie); } if (!*uri) { |