From a51034eda320f13eca2e0f05a0a17459d907d90e Mon Sep 17 00:00:00 2001 From: Jiale Zhi Date: Tue, 29 Oct 2013 12:49:23 -0700 Subject: Deal with white space and tabs in cookie --- lib/resty/cookie.lua | 11 ++++++++--- t/sanity.t | 27 +++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/lib/resty/cookie.lua b/lib/resty/cookie.lua index 87f8e74..c6dfa07 100644 --- a/lib/resty/cookie.lua +++ b/lib/resty/cookie.lua @@ -8,6 +8,7 @@ local get_string_sub = string.sub local EQUAL = get_string_byte("=") local SEMICOLON = get_string_byte(";") local SPACE = get_string_byte(" ") +local HTAB = get_string_byte("\t") local ok, new_tab = pcall(require, "table.new") @@ -36,7 +37,7 @@ local function get_cookie_table(text_cookie) local EXPECT_VALUE = 2 local EXPECT_SP = 3 - local state = EXPECT_KEY + local state = EXPECT_SP local i = 1 local j = 1 local key, value @@ -49,7 +50,10 @@ local function get_cookie_table(text_cookie) i = j + 1 end elseif state == EXPECT_VALUE then - if get_string_byte(text_cookie, j) == SEMICOLON then + if get_string_byte(text_cookie, j) == SEMICOLON or + get_string_byte(text_cookie, j) == SPACE or + get_string_byte(text_cookie, j) == HTAB then + value = get_string_sub(text_cookie, i, j - 1) cookie_table[key] = value @@ -58,7 +62,8 @@ local function get_cookie_table(text_cookie) i = j + 1 end elseif state == EXPECT_SP then - if get_string_byte(text_cookie, j) ~= SPACE then + if get_string_byte(text_cookie, j) ~= SPACE and + get_string_byte(text_cookie, j) ~= HTAB then state = EXPECT_KEY i = j j = j - 1 diff --git a/t/sanity.t b/t/sanity.t index bc52348..eb2086a 100644 --- a/t/sanity.t +++ b/t/sanity.t @@ -77,6 +77,7 @@ Cookie: SID=31d4d96e407aad42; lang=en-US lang => en-US + === TEST 3: no cookie header --- http_config eval: $::HttpConfig --- config @@ -100,6 +101,7 @@ no cookie found in current request --- response_body + === TEST 4: empty value --- http_config eval: $::HttpConfig --- config @@ -127,3 +129,28 @@ Cookie: SID= SID => + +=== TEST 5: cookie with space/tab +--- http_config eval: $::HttpConfig +--- config + location /t { + content_by_lua ' + local ck = require "resty.cookie" + local cookie, err = ck:new() + if not cookie then + ngx.log(ngx.ERR, err) + return + end + + local fields = cookie:get_all() + + for k, v in pairs(fields) do + ngx.say(k, " => ", v) + end + '; + } +--- request +GET /t +--- more_headers eval: "Cookie: SID=foo\t" +--- response_body +SID => foo -- cgit v1.2.3-70-g09d2