Bug #70721 for HTTP-Cookies: Bug with handling of double quote for version 1 cookies

Sun Sep 04 14:32:20 2011 ksv_work [...] yahoo.com - Ticket created

Subject:	Bug with handling of double quote for version 1 cookies
Date:	Sun, 4 Sep 2011 11:32:10 -0700 (PDT)
To:	"bug-HTTP-Cookies [...] rt.cpan.org" <bug-HTTP-Cookies [...] rt.cpan.org>
From:	Sergey Kolychev <ksv_work [...] yahoo.com>

Hello there, There seems to be a bug in how HTTP::Cookies (current module) works with version 1 cookies that forces me to subclass the HTTP::Cookies and redefine its behaviour any time I encounter a site that uses version 1 cookies (thankfully not many use them). Any chance it can be fixed somehow ? This block ------------------------------------------------------------------------- my($k,$v) = split(/\s*=\s*/, $param, 2); if (defined $v) { $v =~ s/\s+$//; #print "$k => $v\n"; } else { $k =~ s/\s+$//; #print "$k => undef"; } ------------------------------------- used to extract cookies from the response header keeps leading and ending double quotes of the cookie value if the response header has them. Then this block: --------------------------------------- # do we need to quote the value if ($val =~ /\W/ && $version) { $val =~ s/([\\\"])/\\$1/g; $val = qq("$val"); } --------------------------------------- adds redundant leading and ending double quote resulting in incorrect cookie value that looks like foo="\"bar\"" Thank you. Reply to: Reply to Sergey Kolychev Reply to Sergey Kolychev Send

Fri Nov 06 04:47:56 2015 oleg [...] cpan.org - Correspondence added

Вск Сен 04 14:32:20 2011, ksv_work@yahoo.com писал: Show quoted text

> Hello there, > There seems to be a bug in how HTTP::Cookies (current module) works > with > version 1 cookies that forces me to subclass the HTTP::Cookies and > redefine > > its behaviour any time I encounter a site that uses version 1 cookies > (thankfully not many use them). > Any chance it can be fixed somehow ? > > This block > ------------------------------------------------------------------------- > > my($k,$v) = split(/\s*=\s*/, $param, 2); > > if (defined $v) { > $v =~ s/\s+$//; > #print "$k => $v\n"; > } > else { > $k =~ s/\s+$//; > #print "$k => undef"; > } > ------------------------------------- > used to extract cookies from the response header keeps leading and > ending double quotes > of the cookie value if the response header has them. > > Then > this block: > --------------------------------------- > # do we need to quote the value > if ($val =~ /\W/ && $version) { > $val =~ s/([\\\"])/\\$1/g; > $val = qq("$val"); > } > --------------------------------------- > adds redundant leading and ending double quote resulting in incorrect > cookie value > that looks like > foo="\"bar\"" > > Thank you. > > > Reply to: > Reply to Sergey Kolychev Reply to Sergey Kolychev Send

Parsing of quoted values still doesn't work. Test to reproduce: use strict; use HTTP::Cookies; use HTTP::Request; use HTTP::Response; my $req = HTTP::Request->new(GET => "http://example.com"); my $resp = HTTP::Response->new(200, 'OK', ['Set-Cookie', q!a="b;c;\\"d"; expires=Fri, 06-Nov-2025 08:58:34 GMT; domain=example.com; path=/!]); $resp->request($req); my $c = HTTP::Cookies->new; $c->extract_cookies($resp); print $c->as_string, "\n"; __END__ OUTPUT IS: Set-Cookie3: a="\"b"; path="/"; domain=example.com; path_spec; expires="2025-11-06 08:58:34Z"; \"d"; c; version=0 EXPECTED OUTPUT: Set-Cookie3: a="b;c;\"d"; path="/"; domain=example.com; path_spec; expires="2025-11-06 08:58:34Z"; \"d"; c; version=0

Fri Nov 06 04:47:57 2015 The RT System itself - Status changed from 'new' to 'open'

Thu Mar 30 19:32:24 2017 olaf [...] wundersolutions.com - Correspondence added

Ticket migrated to github as https://github.com/libwww-perl/http-cookies/issues/32

Thu Mar 30 19:32:25 2017 olaf [...] wundersolutions.com - Status changed from 'open' to 'resolved'