From: Ruediger Pluem <rpluem@apache.org>
Date: Tue, 24 Aug 2010 06:41:38 +0000 (+0000)
Subject: Merge r833738, r834006, r834013, r834500 from trunk:
X-Git-Tag: 2.2.17~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2756d7aa716ac92fe5c14596179b2137a29a44a3;p=thirdparty%2Fapache%2Fhttpd.git

Merge r833738, r834006, r834013, r834500 from trunk:

mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.

Submitted by: Dan Franklin <dan dan-franklin.com>, Stefan Fritsch

Simplify code by using apr_strtok

Also remove trailing whitespace in the value

fix off by one error
PR: 28037

Reviewed by: sf, jim, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@988403 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 74e4fd6aa55..ad84056e62c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.17
 
+  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
+     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
+     Stefan Fritsch]
+
   *) mod_dir, mod_negotiation: Pass the output filter information
      to newly created sub requests; as these are later on used
      as true requests with an internal redirect. This allows for
diff --git a/STATUS b/STATUS
index f38c46bb618..8c121bffbf1 100644
--- a/STATUS
+++ b/STATUS
@@ -87,15 +87,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_log_config: Make ${cookie}C correctly match whole cookie names
-    instead of substrings.
-    PR: 28037
-    Trunk patch: http://svn.apache.org/viewvc?rev=833738&view=rev
-                 http://svn.apache.org/viewvc?rev=834006&view=rev
-                 http://svn.apache.org/viewvc?rev=834013&view=rev
-                 http://svn.apache.org/viewvc?rev=834500&view=rev
-    2.2.x patch: http://people.apache.org/~sf/log_cookie_28037.diff
-    +1: sf, jim, rpluem
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/docs/manual/mod/mod_log_config.xml b/docs/manual/mod/mod_log_config.xml
index 1d4e87e4082..69ce28e28fd 100644
--- a/docs/manual/mod/mod_log_config.xml
+++ b/docs/manual/mod/mod_log_config.xml
@@ -85,7 +85,7 @@
 
     <tr><td><code>%{<var>Foobar</var>}C</code></td>
         <td>The contents of cookie <var>Foobar</var> in the request sent
-        to the server.</td></tr>
+        to the server. Only version 0 cookies are fully supported.</td></tr>
 
     <tr><td><code>%D</code></td>
         <td>The time taken to serve the request, in microseconds.</td></tr>
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 8ceadf7c039..f32a67b02b1 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -506,20 +506,39 @@ static const char *log_env_var(request_rec *r, char *a)
 
 static const char *log_cookie(request_rec *r, char *a)
 {
-    const char *cookies;
-    const char *start_cookie;
-
-    if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
-        if ((start_cookie = ap_strstr_c(cookies,a))) {
-            char *cookie, *end_cookie;
-            start_cookie += strlen(a) + 1; /* cookie_name + '=' */
-            cookie = apr_pstrdup(r->pool, start_cookie);
-            /* kill everything in cookie after ';' */
-            end_cookie = strchr(cookie, ';');
-            if (end_cookie) {
-                *end_cookie = '\0';
+    const char *cookies_entry;
+
+    /*
+     * This supports Netscape version 0 cookies while being tolerant to
+     * some properties of RFC2109/2965 version 1 cookies:
+     * - case-insensitive match of cookie names
+     * - white space between the tokens
+     * It does not support the following version 1 features:
+     * - quoted strings as cookie values
+     * - commas to separate cookies
+     */
+
+    if ((cookies_entry = apr_table_get(r->headers_in, "Cookie"))) {
+        char *cookie, *last1, *last2;
+        char *cookies = apr_pstrdup(r->pool, cookies_entry);
+
+        while ((cookie = apr_strtok(cookies, ";", &last1))) {
+            char *name = apr_strtok(cookie, "=", &last2);
+            char *value;
+            apr_collapse_spaces(name, name);
+
+            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+                char *last;
+                value += strspn(value, " \t");  /* Move past leading WS */
+                last = value + strlen(value) - 1;
+                while (last >= value && apr_isspace(*last)) {
+                   *last = '\0';
+                   --last;
+                }
+
+                return ap_escape_logitem(r->pool, value);
             }
-            return ap_escape_logitem(r->pool, cookie);
+            cookies = NULL;
         }
     }
     return NULL;