author | ipknHama <ipknhama@gmail.com> | 2017-09-18 02:39:46 +0900 |
---|---|---|
committer | ipknHama <ipknhama@gmail.com> | 2017-09-18 02:39:46 +0900 |
commit | e93ba25f2cd156a6544a3c9894cd667906146874 (patch) | |
tree | e3b4910792d079b703d3cf89ddbd7655e11051bf /include | |
parent | 9c26e1ebdea1c43ac1a30a8f2ab83debc923cd56 (diff) | |
Fix cookie parsing: Cookie doesn't have escaping mechanism.
Diffstat (limited to 'include')
-rw-r--r-- | include/crow/middleware.h | 85 |
1 files changed, 21 insertions, 64 deletions
diff --git a/include/crow/middleware.h b/include/crow/middleware.h
index 5e3ea32..3858018 100644
--- a/include/crow/middleware.h
+++ b/include/crow/middleware.h
@@ -35,10 +35,11 @@ namespace crow
 std::unordered_map<std::string, std::string> jar;
 std::unordered_map<std::string, std::string> cookies_to_add;
- std::string get_cookie(const std::string& key)
+ std::string get_cookie(const std::string& key) const
 {
- if (jar.count(key))
- return jar[key];
+ auto cookie = jar.find(key);
+ if (cookie != jar.end())
+ return cookie->second;
 return {};
 }
@@ -73,69 +74,22 @@ namespace crow
 if (pos == cookies.size())
 break;
- std::string value;
+ size_t pos_semicolon = cookies.find(';', pos);
+ std::string value = cookies.substr(pos, pos_semicolon-pos);
- if (cookies[pos] == '"')
+ boost::trim(value);
+ if (value[0] == '"' && value[value.size()-1] == '"')
 {
- int dquote_meet_count = 0;
- pos ++;
- size_t pos_dquote = pos-1;
- do
- {
- pos_dquote = cookies.find('"', pos_dquote+1);
- dquote_meet_count ++;
- } while(pos_dquote < cookies.size() && cookies[pos_dquote-1] == '\\');
- if (pos_dquote == cookies.npos)
- break;
-
- if (dquote_meet_count == 1)
- value = cookies.substr(pos, pos_dquote - pos);
- else
- {
- value.clear();
- value.reserve(pos_dquote-pos);
- for(size_t p = pos; p < pos_dquote; p++)
- {
- // FIXME minimal escaping
- if (cookies[p] == '\\' && p + 1 < pos_dquote)
- {
- p++;
- if (cookies[p] == '\\' || cookies[p] == '"')
- value += cookies[p];
- else
- {
- value += '\\';
- value += cookies[p];
- }
- }
- else
- value += cookies[p];
- }
- }
-
- ctx.jar.emplace(std::move(name), std::move(value));
- pos = cookies.find(";", pos_dquote+1);
- if (pos == cookies.npos)
- break;
- pos++;
- while(pos < cookies.size() && cookies[pos] == ' ') pos++;
- if (pos == cookies.size())
- break;
- }
- else
- {
- size_t pos_semicolon = cookies.find(';', pos);
- value = cookies.substr(pos, pos_semicolon - pos);
- boost::trim(value);
- ctx.jar.emplace(std::move(name), std::move(value));
- pos = pos_semicolon;
- if (pos == cookies.npos)
- break;
- pos ++;
- while(pos < cookies.size() && cookies[pos] == ' ') pos++;
- if (pos == cookies.size())
- break;
+ value = value.substr(1, value.size()-2);
 }
+
+ ctx.jar.emplace(std::move(name), std::move(value));
+
+ pos = pos_semicolon;
+ if (pos == cookies.npos)
+ break;
+ pos++;
+ while(pos < cookies.size() && cookies[pos] == ' ') pos++;
 }
 }
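Review bot: The quote-stripping test `value[0] == '"' && value[value.size()-1] == '"'` is also true for a value that consists of a single `"`, because both subscripts then read the same character; `value.substr(1, value.size()-2)` is then called with a wrapped-around count and only returns an empty string because `pos == size()` happens to be permitted. `cookies` appears to hold the request's Cookie header, so this input is client-controlled and the length requirement should be explicit: `if (value.size() >= 2 && value.front() == '"' && value.back() == '"')`. That also removes the reliance on the short-circuit of `value[0]` to keep an empty value away from `value[value.size()-1]`. Separately, `ctx.jar.emplace` keeps the first occurrence when a name is repeated in the header, which deserves a comment such as `// duplicate names: first occurrence wins` so callers do not assume otherwise. The enclosing parse loop starts outside the hunk.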
@@ -143,7 +97,10 @@ namespace crow
 {
 for(auto& cookie:ctx.cookies_to_add)
 {
- res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
+ if (cookie.second.empty())
+ res.add_header("Set-Cookie", cookie.first + "=\"\"");
+ else
+ res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
 }
 }
 }; |
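Review bot: Both `res.add_header("Set-Cookie", ...)` calls concatenate `cookie.first` and `cookie.second` into the header without any validation, so whatever the application stored in `cookies_to_add` is emitted verbatim. Now that the parser treats cookie text as having no escaping, a stored value containing `;` would be read by the client as cookie attributes, and CR/LF would end the header line early unless `add_header` or the response writer rejects them, which is not visible in this hunk. The name and value should be checked against the RFC 6265 token and cookie-octet sets (or encoded by the caller) before they are added, either where entries are put into `cookies_to_add` or here before `add_header`. At minimum the loop should carry a comment like `// name/value are emitted verbatim; callers must not pass ';', ',', whitespace or control characters`. The enclosing function starts outside the hunk.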