diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 22:18:12 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 22:18:12 +0000 |
commit | c5a9602357dbf1f3269113de470ee1e23fa2ab1c (patch) | |
tree | 72fc8548e779e54c200e1e352bf0450862056381 /main/http.c | |
parent | 2b995a79da30cb9dff486b80f87d10e75e2fa1f3 (diff) |
Improve some broken cookie parsing code. Previously, manager login over HTTP
would only work if the mansession_id cookie was first. Now, the code builds
a list of all of the cookies in the Cookie header. This fixes a problem
observed by users of the Asterisk GUI.
(closes AST-20)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@114600 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/http.c')
-rw-r--r-- | main/http.c | 87 |
1 files changed, 39 insertions, 48 deletions
diff --git a/main/http.c b/main/http.c index 2c7683e3b..a0d6aad19 100644 --- a/main/http.c +++ b/main/http.c @@ -379,15 +379,51 @@ static char *handle_uri(struct sockaddr_in *sin, char *uri, int *status, return c; } +static struct ast_variable *parse_cookies(char *cookies) +{ + char *cur; + struct ast_variable *vars = NULL, *var; + + /* Skip Cookie: */ + cookies += 8; + + while ((cur = strsep(&cookies, ";"))) { + char *name, *val; + + name = val = cur; + strsep(&val, "="); + + if (ast_strlen_zero(name) || ast_strlen_zero(val)) { + continue; + } + + name = ast_strip(name); + val = ast_strip_quoted(val, "\"", "\""); + + if (ast_strlen_zero(name) || ast_strlen_zero(val)) { + continue; + } + + if (option_debug) { + ast_log(LOG_DEBUG, "mmm ... cookie! Name: '%s' Value: '%s'\n", name, val); + } + + var = ast_variable_new(name, val); + var->next = vars; + vars = var; + } + + return vars; +} + static void *ast_httpd_helper_thread(void *data) { char buf[4096]; char cookie[4096]; char timebuf[256]; struct ast_http_server_instance *ser = data; - struct ast_variable *var, *prev=NULL, *vars=NULL; + struct ast_variable *vars = NULL; char *uri, *c, *title=NULL; - char *vname, *vval; int status = 200, contentlength = 0; time_t t; unsigned int static_content = 0; @@ -423,52 +459,7 @@ static void *ast_httpd_helper_thread(void *data) if (ast_strlen_zero(cookie)) break; if (!strncasecmp(cookie, "Cookie: ", 8)) { - - /* TODO - The cookie parsing code below seems to work - in IE6 and FireFox 1.5. However, it is not entirely - correct, and therefore may not work in all - circumstances. - For more details see RFC 2109 and RFC 2965 */ - - /* FireFox cookie strings look like: - Cookie: mansession_id="********" - InternetExplorer's look like: - Cookie: $Version="1"; mansession_id="********" */ - - /* If we got a FireFox cookie string, the name's right - after "Cookie: " */ - vname = cookie + 8; - - /* If we got an IE cookie string, we need to skip to - past the version to get to the name */ - if (*vname == '$') { - vname = strchr(vname, ';'); - if (vname) { - vname++; - if (*vname == ' ') - vname++; - } - } - - if (vname) { - vval = strchr(vname, '='); - if (vval) { - /* Ditch the = and the quotes */ - *vval++ = '\0'; - if (*vval) - vval++; - if (strlen(vval)) - vval[strlen(vval) - 1] = '\0'; - var = ast_variable_new(vname, vval); - if (var) { - if (prev) - prev->next = var; - else - vars = var; - prev = var; - } - } - } + vars = parse_cookies(cookie); } } |