abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin/* Licensed to the Apache Software Foundation (ASF) under one or more
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * contributor license agreements. See the NOTICE file distributed with
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * this work for additional information regarding copyright ownership.
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * The ASF licenses this file to You under the Apache License, Version 2.0
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * (the "License"); you may not use this file except in compliance with
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * the License. You may obtain a copy of the License at
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin *
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * http://www.apache.org/licenses/LICENSE-2.0
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin *
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * Unless required by applicable law or agreed to in writing, software
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * distributed under the License is distributed on an "AS IS" BASIS,
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * See the License for the specific language governing permissions and
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin * limitations under the License.
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin */
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin#include "util_cookies.h"
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin#include "apr_lib.h"
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin#include "apr_strings.h"
447d8ea77d7e9fcc7aa286122668d8fe0f8cc690fuankg#include "http_config.h"
7184de27ec1d62a83c41cdeac0953ca9fd661e8csf#include "http_core.h"
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin#include "http_log.h"
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin#define LOG_PREFIX "ap_cookie: "
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
7184de27ec1d62a83c41cdeac0953ca9fd661e8csf/* we know core's module_index is 0 */
7184de27ec1d62a83c41cdeac0953ca9fd661e8csf#undef APLOG_MODULE_INDEX
7184de27ec1d62a83c41cdeac0953ca9fd661e8csf#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
36ef8f77bffe75d1aa327882be1b5bdbe2ff567asf
/**
 * Write an RFC2109 style cookie.
 *
 * Builds the string "name=val;[Max-Age=n;]attrs" from the request pool and
 * adds it, under the SET_COOKIE header name, to every table passed in the
 * variable argument list.
 *
 * The name, value and attribute strings are concatenated exactly as given.
 * Nothing here escapes or validates them, so the caller is responsible for
 * making sure they are safe to place in a response header.
 *
 * @param r The request; its pool is used for all allocations.
 * @param name The name of the cookie.
 * @param val The value to place in the cookie.
 * @param attrs The string containing additional cookie attributes. If NULL
 *              or empty, DEFAULT_ATTRS will be used.
 * @param maxage If non zero, a Max-Age attribute will be added to the cookie.
 * @param ... One or more apr_table_t pointers that receive the header. The
 *            list must be terminated by NULL.
 * @return APR_SUCCESS in all cases.
 */
AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val,
                                         const char *attrs, long maxage, ...)
{
    va_list tables;
    apr_table_t *dest;
    const char *extra = (attrs && *attrs) ? attrs : DEFAULT_ATTRS;
    const char *expiry = maxage
        ? apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage), ";", NULL)
        : "";
    const char *rfc2109 = apr_pstrcat(r->pool, name, "=", val, ";", expiry,
                                      extra, NULL);

    /* NOTE(review): the complete cookie, value included, is written to the
     * log at debug level, so a cookie that carries a session secret will be
     * readable in the error log when debug logging is enabled.
     */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00007) LOG_PREFIX
                  "user '%s' set cookie: '%s'", r->user, rfc2109);

    /* every table up to the terminating NULL gets the same string */
    va_start(tables, maxage);
    for (dest = va_arg(tables, apr_table_t *); dest;
         dest = va_arg(tables, apr_table_t *)) {
        apr_table_addn(dest, SET_COOKIE, rfc2109);
    }
    va_end(tables);

    return APR_SUCCESS;
}
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
/**
 * Write an RFC2965 style cookie.
 *
 * Builds the string "name2=val;[Max-Age=n;]attrs2" from the request pool and
 * adds it, under the SET_COOKIE2 header name, to every table passed in the
 * variable argument list.
 *
 * The name, value and attribute strings are concatenated exactly as given.
 * Nothing here escapes or validates them, so the caller is responsible for
 * making sure they are safe to place in a response header.
 *
 * @param r The request; its pool is used for all allocations.
 * @param name2 The name of the cookie.
 * @param val The value to place in the cookie.
 * @param attrs2 The string containing additional cookie attributes. If NULL
 *               or empty, DEFAULT_ATTRS will be used.
 * @param maxage If non zero, a Max-Age attribute will be added to the cookie.
 * @param ... One or more apr_table_t pointers that receive the header. The
 *            list must be terminated by NULL.
 * @return APR_SUCCESS in all cases.
 */
AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, const char *val,
                                          const char *attrs2, long maxage, ...)
{
    va_list tables;
    apr_table_t *dest;
    const char *extra;
    const char *expiry;
    const char *rfc2965;

    /* fall back to the default attributes when none were supplied */
    if (attrs2 && *attrs2) {
        extra = attrs2;
    }
    else {
        extra = DEFAULT_ATTRS;
    }

    /* optional expiry */
    if (maxage) {
        expiry = apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage),
                             ";", NULL);
    }
    else {
        expiry = "";
    }

    rfc2965 = apr_pstrcat(r->pool, name2, "=", val, ";", expiry, extra, NULL);

    /* NOTE(review): the complete cookie, value included, is written to the
     * log at debug level, so a cookie that carries a session secret will be
     * readable in the error log when debug logging is enabled.
     */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00008) LOG_PREFIX
                  "user '%s' set cookie2: '%s'", r->user, rfc2965);

    /* every table up to the terminating NULL gets the same string */
    va_start(tables, maxage);
    for (;;) {
        dest = va_arg(tables, apr_table_t *);
        if (!dest) {
            break;
        }
        apr_table_addn(dest, SET_COOKIE2, rfc2965);
    }
    va_end(tables);

    return APR_SUCCESS;
}
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
/**
 * Remove an RFC2109 style cookie.
 *
 * Builds the string "name=;Max-Age=0;attrs" (an empty value that expires
 * immediately) and adds it, under the SET_COOKIE header name, to every table
 * passed in the variable argument list.
 *
 * The name and attribute strings are concatenated exactly as given; they are
 * not escaped or validated here.
 *
 * @param r The request; its pool is used for all allocations.
 * @param name The name of the cookie.
 * @param attrs The string containing additional cookie attributes. If NULL,
 *              CLEAR_ATTRS will be used. Unlike ap_cookie_write(), an empty
 *              string is used as given.
 * @param ... One or more apr_table_t pointers that receive the header. The
 *            list must be terminated by NULL.
 * @return APR_SUCCESS in all cases.
 */
AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs, ...)
{
    va_list tables;
    apr_table_t *dest;
    const char *extra = attrs;
    const char *rfc2109;

    if (!extra) {
        extra = CLEAR_ATTRS;
    }

    /* empty value plus Max-Age=0 */
    rfc2109 = apr_pstrcat(r->pool, name, "=;Max-Age=0;", extra, NULL);
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00009) LOG_PREFIX
                  "user '%s' removed cookie: '%s'", r->user, rfc2109);

    /* every table up to the terminating NULL gets the same string */
    va_start(tables, attrs);
    for (dest = va_arg(tables, apr_table_t *); dest;
         dest = va_arg(tables, apr_table_t *)) {
        apr_table_addn(dest, SET_COOKIE, rfc2109);
    }
    va_end(tables);

    return APR_SUCCESS;
}
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
/**
 * Remove an RFC2965 style cookie.
 *
 * Builds the string "name2=;Max-Age=0;attrs2" (an empty value that expires
 * immediately) and adds it, under the SET_COOKIE2 header name, to every
 * table passed in the variable argument list.
 *
 * The name and attribute strings are concatenated exactly as given; they are
 * not escaped or validated here.
 *
 * @param r The request; its pool is used for all allocations.
 * @param name2 The name of the cookie.
 * @param attrs2 The string containing additional cookie attributes. If NULL,
 *               CLEAR_ATTRS will be used. Unlike ap_cookie_write2(), an
 *               empty string is used as given.
 * @param ... One or more apr_table_t pointers that receive the header. The
 *            list must be terminated by NULL.
 * @return APR_SUCCESS in all cases.
 */
AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char *attrs2, ...)
{
    va_list tables;
    apr_table_t *dest;
    const char *extra;
    const char *rfc2965;

    if (attrs2) {
        extra = attrs2;
    }
    else {
        extra = CLEAR_ATTRS;
    }

    /* empty value plus Max-Age=0 */
    rfc2965 = apr_pstrcat(r->pool, name2, "=;Max-Age=0;", extra, NULL);
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00010) LOG_PREFIX
                  "user '%s' removed cookie2: '%s'", r->user, rfc2965);

    /* every table up to the terminating NULL gets the same string */
    va_start(tables, attrs2);
    for (;;) {
        dest = va_arg(tables, apr_table_t *);
        if (!dest) {
            break;
        }
        apr_table_addn(dest, SET_COOKIE2, rfc2965);
    }
    va_end(tables);

    return APR_SUCCESS;
}
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
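/* Iterate through the cookies, isolate our cookie and then remove it.
 *
 * Called once per Cookie / Cookie2 header line. The line is split on ','
 * and then on ';'. Each piece has leading whitespace skipped and is compared
 * against "<name>=" (case sensitive, prefix match).
 *
 * If our cookie appears two or more times, but with different values,
 * remove it twice and set the duplicated flag to true. The same value
 * repeated is not flagged. Remove any $path or other attributes following
 * our cookie if present. If we end up with an empty cookie, remove the
 * whole header.
 *
 * The value stored in v->encoded is the text the client sent after
 * "<name>="; it is copied as received and is not decoded or validated here.
 *
 * The record is taken as void * so that this function has exactly the
 * callback type used with apr_table_do(), int (*)(void *, const char *,
 * const char *). Declaring it with an ap_cookie_do * parameter and casting
 * the function pointer means it is called through an incompatible function
 * type, which is undefined behaviour in C.
 *
 * @param varg The ap_cookie_do state for this scan.
 * @param key The header name of the line being processed.
 * @param val The header value of the line being processed.
 * @return Always 1.
 */
static int extract_cookie_line(void *varg, const char *key, const char *val)
{
    ap_cookie_do *v = varg;
    char *last1, *last2;
    char *cookie = apr_pstrdup(v->r->pool, val);
    const char *name = apr_pstrcat(v->r->pool, v->name ? v->name : "", "=", NULL);
    apr_size_t len = strlen(name);
    const char *new_cookie = "";
    const char *comma = ",";
    char *next1;
    const char *semi = ";";
    char *next2;
    const char *sep = "";
    int cookies = 0;

    /* find the cookie called name */
    int eat = 0;
    next1 = apr_strtok(cookie, comma, &last1);
    while (next1) {
        next2 = apr_strtok(next1, semi, &last2);
        while (next2) {
            char *trim = next2;
            while (apr_isspace(*trim)) {
                trim++;
            }
            if (!strncmp(trim, name, len)) {
                /* seen before with a different value: flag it */
                if (v->encoded && strcmp(v->encoded, trim + len)) {
                    v->duplicated = 1;
                }
                v->encoded = apr_pstrdup(v->r->pool, trim + len);

                /* drop this pair and any '$' attributes that follow it */
                eat = 1;
            }
            else {
                /* a piece not starting with '$' is another cookie, which
                 * ends the run of attributes being dropped
                 */
                if (*trim != '$') {
                    cookies++;
                    eat = 0;
                }
                if (!eat) {
                    new_cookie = apr_pstrcat(v->r->pool, new_cookie, sep, next2, NULL);
                }
            }
            next2 = apr_strtok(NULL, semi, &last2);

            /* NOTE(review): sep changes to ';' after the first piece even
             * when that piece was dropped, so the rebuilt header can begin
             * with a separator. Confirm that consumers of the rewritten
             * header tolerate this.
             */
            sep = semi;
        }

        next1 = apr_strtok(NULL, comma, &last1);
        sep = comma;
    }

    /* any cookies left over? */
    if (cookies) {
        apr_table_addn(v->new_cookies, key, new_cookie);
    }

    return 1;
}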
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
/**
 * Read a cookie called name, placing its value in val.
 *
 * Both the Cookie and Cookie2 headers are scanned for the cookie.
 *
 * If the cookie is duplicated, this function returns APR_EGENERAL, logs the
 * cookie name and request URI at error level, and leaves both *val and the
 * request headers untouched. Otherwise, if remove is non zero, the Cookie
 * and Cookie2 headers are replaced with copies that omit the cookie, which
 * keeps it private from the backend.
 *
 * The value handed back is the text the client sent; it is not decoded or
 * validated here.
 *
 * @param r The request.
 * @param name The name of the cookie to look for.
 * @param val Receives the cookie value, or NULL if the cookie was not found.
 * @param remove If non zero, strip the cookie from the incoming headers.
 * @return APR_EGENERAL if the cookie was duplicated, otherwise APR_SUCCESS
 *         (also when the cookie is absent).
 */
AP_DECLARE(apr_status_t) ap_cookie_read(request_rec * r, const char *name, const char **val,
                                        int remove)
{
    ap_cookie_do state;

    state.name = name;
    state.r = r;
    state.duplicated = 0;
    state.encoded = NULL;
    state.new_cookies = apr_table_make(r->pool, 10);

    /* visit every Cookie and Cookie2 line of the request */
    apr_table_do((int (*) (void *, const char *, const char *))
                 extract_cookie_line, (void *) &state, r->headers_in,
                 "Cookie", "Cookie2", NULL);

    if (state.duplicated) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00011) LOG_PREFIX
                      "client submitted cookie '%s' more than once: %s",
                      state.name, r->uri);
        return APR_EGENERAL;
    }

    /* remove our cookie(s), and replace them with the filtered lines */
    if (remove) {
        apr_table_unset(r->headers_in, "Cookie");
        apr_table_unset(r->headers_in, "Cookie2");
        r->headers_in = apr_table_overlay(r->pool, r->headers_in,
                                          state.new_cookies);
    }

    *val = state.encoded;

    return APR_SUCCESS;
}
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin
/**
 * Sanity check a given string that it exists, is not empty,
 * and does not contain the special characters '=', ';' and '&'.
 *
 * It is used to sanity check the cookie names.
 *
 * Only those three characters are rejected. Whitespace, commas and control
 * characters such as CR and LF pass this check, so on its own it is not a
 * complete validation of a value that will be placed in a header.
 *
 * @param string The string to check.
 * @return APR_SUCCESS if the string passes, APR_EGENERAL otherwise.
 */
AP_DECLARE(apr_status_t) ap_cookie_check_string(const char *string)
{
    const char *p;

    if (!string || !*string) {
        return APR_EGENERAL;
    }

    for (p = string; *p; p++) {
        switch (*p) {
        case '=':
        case '&':
        case ';':
            return APR_EGENERAL;
        default:
            break;
        }
    }

    return APR_SUCCESS;
}