Avoid to match non-Lemon cookie (#2417)
parent
e9487a42d7
commit
6f3938d014
|
@ -499,8 +499,8 @@ sub fetchId {
|
|||
and not $class->_isHttps( $req, $vhost ) );
|
||||
my $cn = $class->tsv->{cookieName};
|
||||
my $value = $lookForHttpCookie # Avoid prefix and bad cookie name (#2417)
|
||||
? ( $t =~ /(?<!-)\b${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||
: ( $t =~ /(?<!-)\b$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
? ( $t =~ /(?<![-.~])\b${cn}http=([^,; ]+)/o ? $1 : 0 )
|
||||
: ( $t =~ /(?<![-.~])\b$cn=([^,; ]+)/o ? $1 : 0 );
|
||||
|
||||
if ( $value && $lookForHttpCookie && $class->tsv->{securedCookie} == 3 ) {
|
||||
$value = $class->tsv->{cipher}->decryptHex( $value, "http" );
|
||||
|
|
|
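Review bot: The widened lookbehind on the two regex lines still only rejects `-`, `.` and `~` in front of the cookie name, so a cookie such as `fake+lemonldap=…` or `fake!lemonldap=…` (both legal RFC 6265 token characters that `\b` does not stop either) would still be taken for the session cookie. Anchoring on the cookie-pair separator instead of enumerating prefix characters closes the whole class: `? ( $t =~ /(?:^|[;,])\s*\Q$cn\Ehttp=([^,; ]+)/ ? $1 : 0 )` and `: ( $t =~ /(?:^|[;,])\s*\Q$cn\E=([^,; ]+)/ ? $1 : 0 );`. `\Q…\E` additionally keeps a cookieName containing regex metacharacters from altering the pattern, and dropping `/o` matters if `$class->tsv->{cookieName}` can change after the first match (for instance on a configuration reload), since `/o` freezes the interpolated pattern at its first compilation — I cannot tell from here whether tsv is ever reloaded. This assumes `$t` holds the raw Cookie header value; fetchId starts and ends outside the hunk.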
@ -127,14 +127,32 @@ count(3);
|
|||
|
||||
# Bad cookie name
|
||||
ok( $res = $client->_get( '/', undef, undef, "fakelemonldap=$sessionId" ),
|
||||
'Unauthentified query' );
|
||||
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );
|
||||
'Bad cookie name' );
|
||||
ok( $res->[0] == 302, ' Code is 302 (name)' ) or explain( $res, 302 );
|
||||
count(2);
|
||||
|
||||
# Bad cookie name
|
||||
ok( $res = $client->_get( '/', undef, undef, "fake-lemonldap=$sessionId" ),
|
||||
'Unauthentified query' );
|
||||
ok( $res->[0] == 302, ' Code is 302' ) or explain( $res, 302 );
|
||||
'Bad cookie name (-)' );
|
||||
ok( $res->[0] == 302, ' Code is 302 (-)' ) or explain( $res, 302 );
|
||||
count(2);
|
||||
|
||||
# Bad cookie name
|
||||
ok( $res = $client->_get( '/', undef, undef, "fake.lemonldap=$sessionId" ),
|
||||
'Bad cookie name (.)' );
|
||||
ok( $res->[0] == 302, ' Code is 302 (.)' ) or explain( $res, 302 );
|
||||
count(2);
|
||||
|
||||
# Bad cookie name
|
||||
ok( $res = $client->_get( '/', undef, undef, "fake_lemonldap=$sessionId" ),
|
||||
'Bad cookie name (_)' );
|
||||
ok( $res->[0] == 302, ' Code is 302 (_)' ) or explain( $res, 302 );
|
||||
count(2);
|
||||
|
||||
# Bad cookie name
|
||||
ok( $res = $client->_get( '/', undef, undef, "fake~lemonldap=$sessionId" ),
|
||||
'Bad cookie name (~)' );
|
||||
ok( $res->[0] == 302, ' Code is 302 (~)' ) or explain( $res, 302 );
|
||||
count(2);
|
||||
|
||||
# Bad cookie
|
||||
|
|
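Review bot: The added cases only cover the three characters the new lookbehind rejects plus `_`, which `\b` already handled, so no test exercises a prefix character outside that list; a cookie named `fake+lemonldap` (a legal cookie-name token character) would presumably still be accepted by the regex in fetchId and this suite would not notice. One more case in the same shape pins that gap: `ok( $res = $client->_get( '/', undef, undef, "fake+lemonldap=$sessionId" ), 'Bad cookie name (+)' );` / `ok( $res->[0] == 302, ' Code is 302 (+)' ) or explain( $res, 302 );` / `count(2);`. If the file does not already have one, a positive case with the session cookie preceded by another legitimate pair (`"foo=bar; lemonldap=$sessionId"`) would also be worth adding, so that tightening the match cannot silently break the normal multi-cookie request.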