upstream/oracle/userland-gate: components/perl512/patches/15880426.patch@b8f324d4e07c (annotated)

1206 8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	1	Escape new-lines in Cookie and P3P headers
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	2
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	3	This is relevant difference between CGI 3.62 and 3.63.
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	4	See <https://bugzilla.redhat.com/show_bug.cgi?id=876974>.
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	5
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	6	diff --git a/cpan/CGI/lib/CGI.pm b/cpan/CGI/lib/CGI.pm
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	7	index d8d91f4..5bc9b17 100644
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	8	--- a/cpan/CGI/lib/CGI.pm
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	9	+++ b/cpan/CGI/lib/CGI.pm
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	10	@@ -1497,8 +1497,17 @@ sub header {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	11	'EXPIRES','NPH','CHARSET',
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	12	'ATTACHMENT','P3P'],@p);
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	13
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	14	+ # Since $cookie and $p3p may be array references,
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	15	+ # we must stringify them before CR escaping is done.
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	16	+ my @cookie;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	17	+ for (ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	18	+ my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	19	+ push(@cookie,$cs) if defined $cs and $cs ne '';
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	20	+ }
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	21	+ $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	22	+
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	23	# CR escaping for values, per RFC 822
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	24	- for my $header ($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	25	+ for my $header ($type,$status,@cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	26	if (defined $header) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	27	# From RFC 822:
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	28	# Unfolding is accomplished by regarding CRLF immediately
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	29	@@ -1542,18 +1551,9 @@ sub header {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	30
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	31	push(@header,"Status: $status") if $status;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	32	push(@header,"Window-Target: $target") if $target;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	33	- if ($p3p) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	34	- $p3p = join ' ',@$p3p if ref($p3p) eq 'ARRAY';
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	35	- push(@header,qq(P3P: policyref="/w3c/p3p.xml", CP="$p3p"));
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	36	- }
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	37	+ push(@header,"P3P: policyref=\"/w3c/p3p.xml\", CP=\"$p3p\"") if $p3p;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	38	# push all the cookies -- there may be several
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	39	- if ($cookie) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	40	- my(@cookie) = ref($cookie) && ref($cookie) eq 'ARRAY' ? @{$cookie} : $cookie;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	41	- for (@cookie) {
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	42	- my $cs = UNIVERSAL::isa($_,'CGI::Cookie') ? $_->as_string : $_;
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	43	- push(@header,"Set-Cookie: $cs") if $cs ne '';
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	44	- }
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	45	- }
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	46	+ push(@header,map {"Set-Cookie: $_"} @cookie);
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	47	# if the user indicates an expiration time, then we need
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	48	# both an Expires and a Date header (so that the browser is
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	49	# uses OUR clock)
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	50	diff --git a/t/headers.t b/t/headers.t
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	51	index 661b74b..4b4922c 100644
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	52	--- a/cpan/CGI/t/headers.t
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	53	+++ b/cpan/CGI/t/headers.t
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	54	@@ -22,6 +22,12 @@ like($@,qr/contains a newline/,'invalid header blows up');
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	55	like $cgi->header( -type => "text/html".$CGI::CRLF." evil: stuff " ),
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	56	qr#Content-Type: text/html evil: stuff#, 'known header, with leading and trailing whitespace on the continuation line';
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	57
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	58	+eval { $cgi->header( -p3p => ["foo".$CGI::CRLF."bar"] ) };
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	59	+like($@,qr/contains a newline/,'P3P header with CRLF embedded blows up');
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	60	+
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	61	+eval { $cgi->header( -cookie => ["foo".$CGI::CRLF."bar"] ) };
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	62	+like($@,qr/contains a newline/,'Set-Cookie header with CRLF embedded blows up');
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	63	+
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	64	eval { $cgi->header( -foobar => "text/html".$CGI::CRLF."evil: stuff" ) };
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	65	like($@,qr/contains a newline/,'unknown header with CRLF embedded blows up');
8f71b436e7f7 15820486 problem in UTILITY/PERL Brian Cameron <brian.cameron@oracle.com> parents: diff changeset	66

author	Jiri Sasek <Jiri.Sasek@Oracle.COM>
	Thu, 31 Jul 2014 01:53:13 -0700
changeset 4109	b8f324d4e07c
parent 1206	8f71b436e7f7
permissions	-rw-r--r--