GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

Previous Next

Package: emacs;

Reported by: "Karol Hosiawa" <hosiawak <at> gmail.com>

Date: Fri, 21 Nov 2008 15:30:02 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 24.2

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: "Karol Hosiawa" <hosiawak <at> gmail.com>
To: emacs-pretest-bug <at> gnu.org
Subject: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Fri, 21 Nov 2008 15:23:37 +0000

The function url-cookie-handle-set-cookie in url-cookie.el
doesn't check if url-cookie-trusted-urls is set. It does some
preliminary checks but doesn't apply this info in the end.

Proposed patch:

change line 418 of url-cookie.el from:

((url-cookie-host-can-set-p (url-host url-current-object) domain)

to

((or trusted
  (url-cookie-host-can-set-p (url-host url-current-object) domain)



In GNU Emacs 23.0.60.1 (i686-pc-linux-gnu, GTK+ Version 2.12.9)
 of 2008-07-28 on gentoo
Windowing system distributor `The X.Org Foundation', version 11.0.10300000
configured using `configure  '--prefix=/usr'
'--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--program-suffix=-emacs-23'
'--infodir=/usr/share/info/emacs-23' '--without-carbon' '--with-sound'
'--with-x' '--with-toolkit-scroll-bars' '--with-gif' '--with-jpeg'
'--with-png' '--without-rsvg' '--with-tiff' '--with-xpm'
'--enable-font-backend' '--with-freetype' '--with-xft'
'--without-libotf' '--without-m17n-flt' '--with-x-toolkit=gtk'
'--without-hesiod' '--without-kerberos' '--without-kerberos5'
'--with-gpm' '--with-dbus' '--build=i686-pc-linux-gnu'
'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu'
'CFLAGS=-O2 -march=i686 -pipe' 'LDFLAGS=-Wl,-O1''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US.UTF8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default-enable-multibyte-characters: t

Major mode: Emacs-Lisp

Minor modes in effect:
  erc-list-mode: t
  erc-menu-mode: t
  erc-autojoin-mode: t
  erc-ring-mode: t
  erc-networks-mode: t
  erc-pcomplete-mode: t
  erc-track-mode: t
  erc-track-minor-mode: t
  erc-match-mode: t
  erc-button-mode: t
  erc-fill-mode: t
  erc-stamp-mode: t
  erc-netsplit-mode: t
  erc-irccontrols-mode: t
  erc-noncommands-mode: t
  erc-move-to-prompt-mode: t
  erc-readonly-mode: t
  shell-dirtrack-mode: t
  cua-mode: t
  show-paren-mode: t
  diff-auto-refine-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  global-auto-composition-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
C-k C-l C-l C-l C-l C-o C-n C-o C-n C-h c r <backspace>
e C-/ C-/ h v e r c - C-/ C-h f C-g C-h v e r c - p
a <tab> s s <tab> <return> <help-echo> C-x 1 C-o C-n
C-l C-l C-l C-l C-o C-n C-o C-n <down-mouse-5> <mouse-5>
<double-down-mouse-5> <double-mouse-5> <triple-down-mouse-5>
<triple-mouse-5> <triple-down-mouse-5> <triple-mouse-5>
<triple-down-mouse-5> <triple-mouse-5> <down-mouse-4>
<mouse-4> <double-down-mouse-4> <double-mouse-4> <down-mouse-4>
<mouse-4> <double-down-mouse-4> <double-mouse-4> <triple-down-mouse-4>
<triple-mouse-4> C-o C-n C-l C-o C-n C-o C-p <help-echo>
C-o C-n C-o C-p <help-echo> C-o C-n C-x C-f / m n <return>
<return> w h i C-s C-s C-s <return> p u <return> s
t <return> g e <return> M-g M-g 7 5 3 <return> C-n
C-n C-k C-k C-x C-s C-o C-p C-p C-p C-p C-n C-n C-p
C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p
C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p
C-p C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n
C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n
C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n <down-mouse-4>
<mouse-4> <double-down-mouse-4> <double-mouse-4> <triple-down-mouse-4>
<triple-mouse-4> <down-mouse-4> <mouse-4> <double-down-mouse-4>
<double-mouse-4> <down-mouse-5> <mouse-5> <double-down-mouse-5>
<double-mouse-5> <triple-down-mouse-5> <triple-mouse-5>
<triple-down-mouse-5> <triple-mouse-5> <triple-down-mouse-5>
<triple-mouse-5> <down-mouse-1> <mouse-movement> <mouse-1>
<help-echo> <down-mouse-1> <mouse-1> <help-echo> M-x
r e p o <tab> r <tab> <return> C-x 3 C-g C-x 3 C-x
b c o o <backspace> <backspace> <backspace> C-g C-x
C-f / u s <return> <return> <return> <return> <return>
u r <return> c o o <return> C-v C-v C-v C-v C-v C-v
C-v C-n C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p C-p
C-p C-p C-p C-p C-p C-p C-p C-p C-p C-n M-x r e p o
<tab> r t <tab> <return>

Recent messages:
Loading vc-svn...done
Mark set
Wrote /mnt/dev/jacuzzi_whitelabel/public/stylesheets/general.css
byte-code: End of buffer
Making completion list...
split-window-horizontally: Attempt to split minibuffer window
Quit [3 times]
uncompressing url-cookie.el.gz...done
Note: file is write protected
Making completion list...
This bug report was last modified 13 years and 101 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.