diff options
| -rw-r--r-- | docs/changes.xml | 6 | ||||
| -rw-r--r-- | src/nxt_http_request.c | 7 | ||||
| -rw-r--r-- | test/test_routing.py | 14 |
3 files changed, 22 insertions, 5 deletions
diff --git a/docs/changes.xml b/docs/changes.xml index 1534a6dc..7c0712f3 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -31,6 +31,12 @@ NGINX Unit updated to 1.29.0. date="" time="" packager="Nginx Packaging <nginx-packaging@f5.com>"> +<change type="bugfix"> +<para> +fix HTTP cookie parsing when the value contains an equals sign. +</para> +</change> + </changes> diff --git a/src/nxt_http_request.c b/src/nxt_http_request.c index 943ad82d..7a790f73 100644 --- a/src/nxt_http_request.c +++ b/src/nxt_http_request.c @@ -1035,14 +1035,11 @@ nxt_http_cookie_parse(nxt_array_t *cookies, u_char *start, const u_char *end) for (p = start; p < end; p++) { c = *p; - if (c == '=') { + if (c == '=' && name == NULL) { while (start[0] == ' ') { start++; } name_length = p - start; - - if (name_length != 0) { - name = start; - } + name = start; start = p + 1; diff --git a/test/test_routing.py b/test/test_routing.py index 3649b37c..0d7b908c 100644 --- a/test/test_routing.py +++ b/test/test_routing.py @@ -1401,6 +1401,20 @@ class TestRouting(TestApplicationPython): self.route_match_invalid({"cookies": ["var"]}) self.route_match_invalid({"cookies": [{"foo": {}}]}) + def test_routes_match_cookies_complex(self): + self.route_match({"cookies": {"foo": "bar=baz"}}) + self.cookie('foo=bar=baz', 200) + self.cookie(' foo=bar=baz ', 200) + self.cookie('=foo=bar=baz', 404) + + self.route_match({"cookies": {"foo": ""}}) + self.cookie('foo=', 200) + self.cookie('foo=;', 200) + self.cookie(' foo=;', 200) + self.cookie('foo', 404) + self.cookie('', 404) + self.cookie('=', 404) + def test_routes_match_cookies_multiple(self): self.route_match({"cookies": {"foo": "bar", "blah": "blah"}}) |