_clean_input_keys() does not follow RFC2109 |
[eluser]BlueCamel[/eluser]
The _clean_input_keys() function in CI 1.6.2 uses the following regex to reject cookies with "unacceptable" chars: "/^[a-z0-9:_\/-]+$/i" According to rfc2109 http://rfc.net/rfc2109.html the user agent may return some spacial cookies including $Version, $Path, and $Domain. See section: 4.4 How an Origin Server Interprets the Cookie Header In the following section 5.1 they have an example of this exchnage where the UA returns a $Version and $Path cookie along with the cookie set by the server. The problem here is that the regex above trips over the $ char. Can this be adjusted to either include $ chars in the next release of CI? This isn't a hypothetical issue as the Mathmatica web client follows the above RFC and returns $Version ci_session $Path similar to the example in section 5.1 of the RFC. |
Messages In This Thread |
_clean_input_keys() does not follow RFC2109 - by El Forum - 10-16-2008, 09:44 PM
_clean_input_keys() does not follow RFC2109 - by El Forum - 10-17-2008, 05:37 AM
_clean_input_keys() does not follow RFC2109 - by El Forum - 10-17-2008, 06:28 AM
_clean_input_keys() does not follow RFC2109 - by El Forum - 10-17-2008, 06:33 AM
_clean_input_keys() does not follow RFC2109 - by El Forum - 10-17-2008, 06:34 AM
|