From: Lars Ingebrigtsen <larsi@gnus.org>
Date: Fri, 25 Dec 2015 05:33:25 +0000 (+0100)
Subject: Don't store cookies with empty names
X-Git-Tag: emacs-26.0.90~2874
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=9f0fd7cb1aec3eb9e2e0f7b8854c30870286d96c;p=emacs.git

Don't store cookies with empty names

* lisp/url/url-cookie.el (url-cookie-store): Refuse to store
cookies with empty names (bug#21936).
---

diff --git a/lisp/url/url-cookie.el b/lisp/url/url-cookie.el
index df9cf621037..1f8ddfdb109 100644
--- a/lisp/url/url-cookie.el
+++ b/lisp/url/url-cookie.el
@@ -119,41 +119,42 @@ telling Microsoft that."
 
 (defun url-cookie-store (name value &optional expires domain localpart secure)
   "Store a cookie."
-  (let ((storage (if secure url-cookie-secure-storage url-cookie-storage))
-	tmp found-domain)
-    ;; First, look for a matching domain.
-    (if (setq found-domain (assoc domain storage))
-	;; Need to either stick the new cookie in existing domain storage
-	;; or possibly replace an existing cookie if the names match.
-	(unless (dolist (cur (setq storage (cdr found-domain)) tmp)
-		  (and (equal localpart (url-cookie-localpart cur))
-		       (equal name (url-cookie-name cur))
-		       (progn
-			 (setf (url-cookie-expires cur) expires)
-			 (setf (url-cookie-value cur) value)
-			 (setq tmp t))))
-	  ;; New cookie.
-	  (setcdr found-domain (cons
-				(url-cookie-create :name name
-						   :value value
-						   :expires expires
-						   :domain domain
-						   :localpart localpart
-						   :secure secure)
-				(cdr found-domain))))
-      ;; Need to add a new top-level domain.
-      (setq tmp (url-cookie-create :name name
-				   :value value
-				   :expires expires
-				   :domain domain
-				   :localpart localpart
-				   :secure secure))
-      (cond (storage
-	     (setcdr storage (cons (list domain tmp) (cdr storage))))
-	    (secure
-	     (setq url-cookie-secure-storage (list (list domain tmp))))
-	    (t
-	     (setq url-cookie-storage (list (list domain tmp))))))))
+  (when (> (length name) 0)
+    (let ((storage (if secure url-cookie-secure-storage url-cookie-storage))
+          tmp found-domain)
+      ;; First, look for a matching domain.
+      (if (setq found-domain (assoc domain storage))
+          ;; Need to either stick the new cookie in existing domain storage
+          ;; or possibly replace an existing cookie if the names match.
+          (unless (dolist (cur (setq storage (cdr found-domain)) tmp)
+                    (and (equal localpart (url-cookie-localpart cur))
+                         (equal name (url-cookie-name cur))
+                         (progn
+                           (setf (url-cookie-expires cur) expires)
+                           (setf (url-cookie-value cur) value)
+                           (setq tmp t))))
+            ;; New cookie.
+            (setcdr found-domain (cons
+                                  (url-cookie-create :name name
+                                                     :value value
+                                                     :expires expires
+                                                     :domain domain
+                                                     :localpart localpart
+                                                     :secure secure)
+                                  (cdr found-domain))))
+        ;; Need to add a new top-level domain.
+        (setq tmp (url-cookie-create :name name
+                                     :value value
+                                     :expires expires
+                                     :domain domain
+                                     :localpart localpart
+                                     :secure secure))
+        (cond (storage
+               (setcdr storage (cons (list domain tmp) (cdr storage))))
+              (secure
+               (setq url-cookie-secure-storage (list (list domain tmp))))
+              (t
+               (setq url-cookie-storage (list (list domain tmp)))))))))
 
 (defun url-cookie-expired-p (cookie)
   "Return non-nil if COOKIE is expired."