diff options
Diffstat (limited to 'modules/loggers/mod_log_config.c')
| -rw-r--r-- | modules/loggers/mod_log_config.c | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index 8ceadf7c..f32a67b0 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c @@ -506,20 +506,39 @@ static const char *log_env_var(request_rec *r, char *a) static const char *log_cookie(request_rec *r, char *a) { - const char *cookies; - const char *start_cookie; - - if ((cookies = apr_table_get(r->headers_in, "Cookie"))) { - if ((start_cookie = ap_strstr_c(cookies,a))) { - char *cookie, *end_cookie; - start_cookie += strlen(a) + 1; /* cookie_name + '=' */ - cookie = apr_pstrdup(r->pool, start_cookie); - /* kill everything in cookie after ';' */ - end_cookie = strchr(cookie, ';'); - if (end_cookie) { - *end_cookie = '\0'; + const char *cookies_entry; + + /* + * This supports Netscape version 0 cookies while being tolerant to + * some properties of RFC2109/2965 version 1 cookies: + * - case-insensitive match of cookie names + * - white space between the tokens + * It does not support the following version 1 features: + * - quoted strings as cookie values + * - commas to separate cookies + */ + + if ((cookies_entry = apr_table_get(r->headers_in, "Cookie"))) { + char *cookie, *last1, *last2; + char *cookies = apr_pstrdup(r->pool, cookies_entry); + + while ((cookie = apr_strtok(cookies, ";", &last1))) { + char *name = apr_strtok(cookie, "=", &last2); + char *value; + apr_collapse_spaces(name, name); + + if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { + char *last; + value += strspn(value, " \t"); /* Move past leading WS */ + last = value + strlen(value) - 1; + while (last >= value && apr_isspace(*last)) { + *last = '\0'; + --last; + } + + return ap_escape_logitem(r->pool, value); } - return ap_escape_logitem(r->pool, cookie); + cookies = NULL; } } return NULL; |