webmcp
diff framework/env/request/set_cookie.lua @ 223:32ec28229bb5
Finished removing all references to cgi module (except demo-app); Removed partial loading mechanism
author | jbe |
---|---|
date | Fri Feb 27 21:49:00 2015 +0100 (2015-02-27) |
parents | 944642a3e488 |
children | b4b6e1fc74e8 |
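--- a/framework/env/request/set_cookie.lua
+++ b/framework/env/request/set_cookie.lua
@@ -12,32 +12,45 @@
 --]]--
 
 function request.set_cookie(args)
- local path = args.path
- if not path then
- path = string.match(
+ local args = table.new(args)
+ if not args.path then
+ args.path = string.match(
 request.get_absolute_baseurl(),
 "://[^/]*(.*)"
 )
- if path == nil or path == "" then
+ if path == nil then
 path = "/"
 end
 end
- local secure = args.secure
- if secure == nil then
+ if args.secure == nil then
 if string.find(
 string.lower(request.get_absolute_baseurl()),
 "^https://"
 ) then
- secure = true
+ args.secure = true
 else
- secure = false
+ args.secure = false
 end
 end
- cgi.set_cookie{
- name = args.name,
- value = args.value,
- domain = args.domain,
- path = path,
- secure = secure
- }
+ assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
+ assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
+ local parts = {args.name .. "=" .. args.value}
+ if args.domain then
+ assert(
+ string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+ "Illegal cookie domain"
+ )
+ parts[#parts+1] = "domain=" .. args.domain
+ end
+ if args.path then
+ assert(
+ string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
+ "Illegal cookie path"
+ )
+ parts[#parts+1] = "path=" .. args.path
+ end
+ if args.secure then
+ parts[#parts+1] = "secure"
+ end
+ request.add_header("Set-Cookie", table.concat(parts, "; "))
 end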
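Review bot: The new `if args.domain then` branch validates `args.path` instead of `args.domain`, so the domain is concatenated into the `Set-Cookie` value unchecked; a domain containing `;` or whitespace can append cookie attributes, and CR/LF may split the header unless `request.add_header` filters it (not visible here). The assert should test the domain itself, e.g. `string.find(args.domain, "^[0-9A-Za-z%%._~-]+$"),`. The default-path fallback also still tests and assigns the bare name `path`, which is no longer a local after this refactor: `args.path` is never set to "/" and a global `path` is written instead. Because the `== ""` test was dropped, a base URL without a path component yields an empty `args.path` that fails the `+` pattern with "Illegal cookie path"; the block should read `if args.path == nil or args.path == "" then` followed by `args.path = "/"`. A short comment above the asserts, `-- whitelist keeps caller-supplied values from injecting attributes or line breaks into Set-Cookie`, would help keep the four checks in sync.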