webmcp

diff framework/env/request/set_cookie.lua @ 223:32ec28229bb5

Finished removing all references to cgi module (except demo-app); Removed partial loading mechanism
author jbe
date Fri Feb 27 21:49:00 2015 +0100 (2015-02-27)
parents 944642a3e488
children b4b6e1fc74e8
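--- a/framework/env/request/set_cookie.lua	Fri Feb 27 17:18:08 2015 +0100
+++ b/framework/env/request/set_cookie.lua	Fri Feb 27 21:49:00 2015 +0100
@@ -12,32 +12,45 @@
 --]]--
 
 function request.set_cookie(args)
-  local path = args.path
-  if not path then
-    path = string.match(
+  local args = table.new(args)
+  if not args.path then
+    args.path = string.match(
       request.get_absolute_baseurl(),
       "://[^/]*(.*)"
     )
-    if path == nil or path == "" then
+    if path == nil then
       path = "/"
     end
   end
-  local secure = args.secure
-  if secure == nil then
+  if args.secure == nil then
     if string.find(
       string.lower(request.get_absolute_baseurl()),
       "^https://"
     ) then
-      secure = true
+      args.secure = true
     else
-      secure = false
+      args.secure = false
     end
   end
-  cgi.set_cookie{
-    name   = args.name,
-    value  = args.value,
-    domain = args.domain,
-    path   = path,
-    secure = secure
-  }
+  assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
+  assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
+  local parts = {args.name .. "=" .. args.value}
+  if args.domain then
+    assert(
+      string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+      "Illegal cookie domain"
+    )
+    parts[#parts+1] = "domain=" .. args.domain
+  end
+  if args.path then
+    assert(
+      string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+      "Illegal cookie path"
+    )
+    parts[#parts+1] = "path=" .. args.path
+  end
+  if args.secure then
+    parts[#parts+1] = "secure"
+  end
+  request.add_header("Set-Cookie", table.concat(parts, "; "))
 end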
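Review bot: The domain branch validates the wrong field: the assert under `if args.domain then` runs its pattern against `args.path`, so `args.domain` is concatenated into the Set-Cookie header unchecked while name, value and path are all restricted to a safe character set. That check should read `string.find(args.domain, "^[0-9A-Za-z.-]+$"),` so that a domain containing `;`, CR or LF is rejected before it reaches `request.add_header`. Separately, the fallback near the top still tests and assigns a bare `path`, which after this change is a global rather than `args.path`, and the `path == ""` case was dropped; if the base URL has no path component the match presumably yields an empty string, which is truthy in Lua and would then fail the "Illegal cookie path" assert. `if args.path == nil or args.path == "" then args.path = "/" end` restores the previous default.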
