From e98fca84a3d8aee764e6f57da647415bfa37821f Mon Sep 17 00:00:00 2001 From: hniksic Date: Mon, 18 Jun 2001 11:49:33 -0700 Subject: [PATCH] [svn] Allow more characters in attribute name. Published in . --- src/ChangeLog | 5 +++++ src/cookies.c | 11 +++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 2eedc987..66cfca9d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2001-06-18 Hrvoje Niksic + + * cookies.c (ATTR_NAME_CHAR): Allow almost any character to be in + an attribute name. + 2001-06-18 Hrvoje Niksic * url.c (url_filename): Make sure that slashes that sneak in to diff --git a/src/cookies.c b/src/cookies.c index b70c3423..0a021839 100644 --- a/src/cookies.c +++ b/src/cookies.c @@ -418,9 +418,16 @@ update_cookie_field (struct cookie *cookie, #undef NAME_IS /* Returns non-zero for characters that are legal in the name of an - attribute. */ + attribute. This used to allow only alphanumerics, '-', and '_', + but we need to be more lenient because a number of sites wants to + use weirder attribute names. rfc2965 "informally specifies" + attribute name (token) as "a sequence of non-special, non-white + space characters". So we allow everything except the stuff we know + could harm us. */ -#define ATTR_NAME_CHAR(c) (ISALNUM (c) || (c) == '-' || (c) == '_') +#define ATTR_NAME_CHAR(c) ((c) > 32 && (c) < 127 \ + && (c) != '"' && (c) != '=' \ + && (c) != ';' && (c) != ',') /* Fetch the next character without doing anything special if CH gets set to 0. (The code executed next is expected to handle it.) */