Re: Bug in HTTP::Cookies (libwww-perl-5.48)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Gisle Aas: "Re: form help"
• Previous message: Gisle Aas: "Re: Call to HTTP::Request->url() should be ->uri()"
• In reply to: Max V.Fonin: "Bug in HTTP::Cookies (libwww-perl-5.48)"

"Max V.Fonin" <fonin@ziet.zhitomir.ua> writes:

> It seems to me I've found a bug in HTTP::Cookies in libwww-perl-5.48.
> 
> When broken web-server (for example Orion/1.3.38) returns to client
> cookie that looks like this (empty field):
> Set-Cookie: JSESSIONID=2134545; Path=
> 
> then cookie cannot be setted by $cookie_jar->extract_cookies($response).
> 
> Hash key {path} will be set to empty value by
> HTTP::Headers::Util::split_header_words, but it will be defined !!! And
> part of code that checks whether {path} is defined will work wrong
> (Cookies.pm, line 352).
> 
> my $path=delete $hash{path};
> my $path_spec;
> if(defined($path)) {
> ...
> 
> I think here should be the following (as I fixed it on my machine):
> 
> if($path ne '') {
> ...

That will scream under -w if $path is undefined.

> Try to stress-test libwww-perl on such responds, I sure you will find
> another bugs (with domain field for example - the check is in the same
> style).
> 
> I found this feature (or bug ?) when played with server
> http://www.ants.com.
> This affects libwww-perl version 5.48 (the latest as on August 12,
> 2000).

The best way to do it is to patch t/base/cookies.t as well to add test
cases for empty path and/or domain.  Then make sure 'make test' still
works.

Regards,
Gisle

• Next message: Gisle Aas: "Re: form help"
• Previous message: Gisle Aas: "Re: Call to HTTP::Request->url() should be ->uri()"
• In reply to: Max V.Fonin: "Bug in HTTP::Cookies (libwww-perl-5.48)"