Commit f72a26d3 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

- Stefan Krause pointed out that libcurl would wrongly send away cookies to 

  sites in cases where the cookie clearly has a very old expiry date. The
  condition was simply that libcurl's date parser would fail to convert the
  date and it would then count as a (timed-based) match. Starting now, a
  missed date due to an unsupported date format or date range will now cause
  the cookie to not match.
parent 387521bb

CHANGES

+8 −0
Original line number Diff line number Diff line
@@ -6,6 +6,14 @@ 


                                  Changelog



Daniel Stenberg (8 Sep 2008)

- Stefan Krause pointed out that libcurl would wrongly send away cookies to

  sites in cases where the cookie clearly has a very old expiry date. The

  condition was simply that libcurl's date parser would fail to convert the

  date and it would then count as a (timed-based) match. Starting now, a

  missed date due to an unsupported date format or date range will now cause

  the cookie to not match.



Daniel Fandrich (5 Sep 2008)

- Improved the logic the decides whether to use HTTP 1.1 features or not in a

  request.  Setting a specific version with CURLOPT_HTTP_VERSION overrides

RELEASE-NOTES

+2 −1
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ This release includes the following bugfixes: 
 o MingW32 non-configure builds are now largefile feature enabled by default

 o NetWare LIBC builds are now largefile feature enabled by default

 o curl_easy_pause() could behave wrongly on unpause

 o cookie with invalid expire dates are now considered expired



This release includes the following known bugs:
@@ -32,6 +33,6 @@ This release would not have looked like this without help, code, reports and 
advice from friends like these:



 Keith Mok, Yang Tse, Daniel Fandrich, Guenter Knauf, Dmitriy Sergeyev,

 Linus Nielsen Feltzing, Martin Drasar

 Linus Nielsen Feltzing, Martin Drasar, Stefan Krause



        Thanks! (and sorry if I forgot to mention someone)

lib/cookie.c

+11 −7
Original line number Diff line number Diff line
@@ -338,7 +338,8 @@ Curl_cookie_add(struct SessionHandle *data, 
              break;

            }

            co->expires =

              atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now;

              atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) +

              (long)now;

          }

          else if(strequal("expires", name)) {

            co->expirestr=strdup(whatptr);
@@ -346,6 +347,9 @@ Curl_cookie_add(struct SessionHandle *data, 
              badcookie = TRUE;

              break;

            }

            /* Note that we store -1 in 'expires' here if the date couldn't

               get parsed for whatever reason. This will have the effect that

               the cookie won't match. */

            co->expires = curl_getdate(what, &now);

          }

          else if(!co->name) {
@@ -769,7 +773,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, 
    /* only process this cookie if it is not expired or had no expire

       date AND that if the cookie requires we're secure we must only

       continue if we are! */

    if( (co->expires<=0 || (co->expires> now)) &&

    if( (!co->expires || (co->expires > now)) &&

        (co->secure?secure:TRUE) ) {



      /* now check if the domain is correct */