A previous refactor changed the TAB check so that the octet could be accepted in the 'path', which would cause an invalid line in the saved cookie file, making it impossible to read the cookie back.

Not terrible, because the path cannot contain a raw tab anyway, so it would never match.

Add test 1685 to verify.

Reported-by: Izan on hackerone
Closes #21185
<?xml version="1.0" encoding="US-ASCII"?>
<testcase>
<info>
<keywords>
HTTP
cookies
</keywords>
</info>

# Purpose: a Set-Cookie header whose path attribute contains a raw TAB octet
# must be rejected and must not be written to the cookie jar. The jar format
# verified below is TAB-separated, so a TAB stored inside a path would add a
# field to the saved line and the cookie could not be read back.
# %TAB is expanded by the test harness to a literal TAB character.

# Server-side
# The reply sets two cookies. The first carries the TAB in its path and is
# the one expected to be dropped. The second is well-formed and acts as the
# control: it shows that cookie storage itself still works, so an empty jar
# cannot be mistaken for a passing result.
<reply>
<data crlf="headers">
HTTP/1.0 200 OK swsclose
Date: Tue, 09 Nov 2010 14:49:00 GMT
Content-Type: text/html
Set-Cookie: name=content; path=/we%TABwant
Set-Cookie: accept=this; path=/only/this

boo
</data>
</reply>

# Client-side
# A single GET of / against the test HTTP server, with -c writing every
# cookie that was accepted to a per-test jar file under %LOGDIR.
<client>
<server>
http
</server>
<name>
HTTP, reject cookie with tab in path
</name>
<command>
http://%HOSTIP:%HTTPPORT/ -c %LOGDIR/jar%TESTNUMBER.txt
</command>

<features>
cookies
</features>
</client>

# Verify data after the test has been "shot"
# The jar must hold exactly one cookie line, the well-formed accept=this
# entry. A line for name=content, or a line with an extra TAB-separated
# field, means the TAB check on the path attribute has regressed.
# NOTE(review): only the path attribute is exercised here; TAB handling in
# the other cookie fields is not covered by this file.
<verify>
<protocol crlf="headers">
GET / HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*

</protocol>
<file name="%LOGDIR/jar%TESTNUMBER.txt" mode="text">
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

127.0.0.1%TABFALSE%TAB/only/this%TABFALSE%TAB0%TABaccept%TABthis
</file>
</verify>
</testcase>