author | Vladimir Marek <Vladimir.Marek@oracle.com> |
Fri, 29 Nov 2013 22:42:59 +0100 | |
branch | s11-update |
changeset 2839 | 56a3d3f5eeb1 |
parent 2528 | 788328aeec2a |
permissions | -rw-r--r-- |
1 |
Escape new-lines in Cookie and P3P headers |
2 |
|
3 |
This is the relevant difference between CGI 3.62 and 3.63. |
4 |
See <https://bugzilla.redhat.com/show_bug.cgi?id=876974>. |
5 |
|
6 |
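diff --git a/cpan/CGI/lib/CGI.pm b/cpan/CGI/lib/CGI.pm
index d8d91f4..5bc9b17 100644
--- a/cpan/CGI/lib/CGI.pm
+++ b/cpan/CGI/lib/CGI.pm
@@ -1497,8 +1497,17 @@ sub header {
 'EXPIRES','NPH','CHARSET',
 'ATTACHMENT','P3P'],@p);
 
+ # Since $cookie and $p3p may be array references,
+ # we must stringify them before CR escaping is done.
+ my @cookie;
+ for (ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie) {
+ my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
+ push(@cookie,$cs) if defined $cs and $cs ne '';
+ }
+ $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
+
 # CR escaping for values, per RFC 822
- for my $header ($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) {
+ for my $header ($type,$status,@cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) {
 if (defined $header) {
 # From RFC 822:
 # Unfolding is accomplished by regarding CRLF immediately
@@ -1542,18 +1551,9 @@ sub header {
 
 push(@header,"Status: $status") if $status;
 push(@header,"Window-Target: $target") if $target;
- if ($p3p) {
- $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
- push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p"));
- }
+ push(@header,"P3P: policyref=\"/w3c/p3p.xml\", CP=\"$p3p\"") if $p3p;
 # push all the cookies -- there may be several
- if ($cookie) {
- my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
- for (@cookie) {
- my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
- push(@header,"Set-Cookie: $cs") if $cs ne '';
- }
- }
+ push(@header,map {"Set-Cookie: $_"} @cookie);
 # if the user indicates an expiration time, then we need
 # both an Expires and a Date header (so that the browser is
 # uses OUR clock)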
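Review bot: The newline check only covers values that reach the `for my $header (...)` loop as plain strings, and nothing in the new code records that rule; judging by the added comment and tests, that gap is apparently what let array-reference `-cookie` and `-p3p` values skip the check before this change. I would add a comment directly above the loop, for example `# Every value later pushed onto @header must appear here as a plain string; references bypass the CR/LF check.` The raw `$cookie` is still in scope after the copy into `@cookie`, so any later use inside `header` should read the checked `@cookie` instead. The body of `header` starts before the first hunk and continues past the second, so I cannot confirm from here that no such use exists.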
50 |
diff --git a/t/headers.t b/t/headers.t |
51 |
index 661b74b..4b4922c 100644 |
52 |
--- a/cpan/CGI/t/headers.t |
53 |
+++ b/cpan/CGI/t/headers.t |
54 |
@@ -22,6 +22,12 @@ like($@,qr/contains a newline/,'invalid header blows up'); |
55 |
like $cgi->header( -type => "text/html".$CGI::CRLF." evil: stuff " ), |
56 |
qr#Content-Type: text/html evil: stuff#, 'known header, with leading and trailing whitespace on the continuation line'; |
57 |
|
58 |
+eval { $cgi->header( -p3p => ["foo".$CGI::CRLF."bar"] ) }; |
59 |
+like($@,qr/contains a newline/,'P3P header with CRLF embedded blows up'); |
60 |
+ |
61 |
+eval { $cgi->header( -cookie => ["foo".$CGI::CRLF."bar"] ) }; |
62 |
+like($@,qr/contains a newline/,'Set-Cookie header with CRLF embedded blows up'); |
63 |
+ |
64 |
eval { $cgi->header( -foobar => "text/html".$CGI::CRLF."evil: stuff" ) }; |
65 |
like($@,qr/contains a newline/,'unknown header with CRLF embedded blows up'); |
66 |