| commit | 458eedf810b7417180a870077dbf957463adf08d | [log] [tgz] |
|---|---|---|
| author | Oleg Nemanov <lego12239@yandex.ru> | Mon Mar 04 15:24:50 2019 +0300 |
| committer | Oleg Nemanov <lego12239@yandex.ru> | Mon Mar 04 15:34:59 2019 +0300 |
| tree | 9acff425e79fee8617d48d6bd7a5fc592f43d981 | |
| parent | 985fa8acb2d9c71b36548e4f90f0f96ef9c4eab6 [diff] |
fix cookie value parsing Cookie value(according to RFC6265) can contain US-ASCII characters excluding CTLs, whitespace, DQUOTE, comma, semicolon and backslash: cookie-header = "Cookie:" OWS cookie-string OWS cookie-string = cookie-pair *( ";" SP cookie-pair ) cookie-pair = cookie-name "=" cookie-value cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E But mochiweb_cookie:parse_cookie() use smaller allowed characters list. For example, if cookie value is base64 string like MQ==, then parse_cookie() makes it MQ. Fix this by using a separate function for value parsing instead of read_token().
MochiWeb is an Erlang library for building lightweight HTTP servers.
The latest version of MochiWeb is available at http://github.com/mochi/mochiweb
The mailing list for MochiWeb is at http://groups.google.com/group/mochiweb/
To create a new mochiweb using project: make app PROJECT=project_name
To create a new mochiweb using project in a specific directory: make app PROJECT=project_name PREFIX=$HOME/projects/
MochiWeb is currently tested with Erlang/OTP R15B03 through 21.2.3.
OTP 21.2 (up to and including 21.2.2) introduced an SSL regression that makes these releases unsafe to use. See ERL-830. This issue was resolved in OTP 21.2.3.