Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 21019
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: LDS [...] cpan.org
Requestors: burak [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: HttpOnly cookies
Download (untitled) / with headers
text/plain 488b
I've created patches for HttpOnly cookies. See http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp for more information. Files are generated with this commands: C:\>diff CGI.pm-3.20x\CGI\Cookie.pm CGI.pm-3.20\CGI\Cookie.pm > CGI- Cookie.diff C:\>diff CGI.pm-3.20x\CGI.pm CGI.pm-3.20\CGI.pm > CGI.diff Test script output: Set-Cookie: test=1; path=/; HttpOnly Date: Wed, 16 Aug 2006 15:02:19 GMT Content-Type: text/html; charset=ISO-8859-1 test2=2; path=/; HttpOnly
Subject: CGI.diff
Download CGI.diff
text/x-diff 363b
2693,2694c2693,2694 < my($name,$value,$path,$domain,$secure,$expires,$httponly) = < rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@p); --- > my($name,$value,$path,$domain,$secure,$expires) = > rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES],@p); 2722d2721 < push(@param,'-httponly'=>$httponly) if $httponly;
Subject: test.txt
Download test.txt
text/plain 366b
use lib qw(C:/DOCUME~1/burak/Desktop/CGI.pm-3.20x); use strict; use warnings; use CGI qw(:standard); use CGI::Cookie; my $httponly = 1; my $cgi = cookie -name => 'test', -value => 1, httponly => $httponly; my $cookie = CGI::Cookie->new(-name => 'test2', -value => 2, httponly => $httponly); print header -cookie => $cgi; print $cookie;
Subject: CGI-Cookie.diff
Download CGI-Cookie.diff
text/x-diff 1.3k
119,120c119,120 < my($name,$value,$path,$domain,$secure,$expires,$httponly) = < rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES,HTTPONLY],@_); --- > my($name,$value,$path,$domain,$secure,$expires) = > rearrange([NAME,[VALUE,VALUES],PATH,DOMAIN,SECURE,EXPIRES],@_); 149d148 < $self->httponly($httponly) if defined $httponly; 158c157 < my(@constant_values,$domain,$path,$expires,$max_age,$secure,$httponly); --- > my(@constant_values,$domain,$path,$expires,$max_age,$secure); 165d163 < push(@constant_values,"HttpOnly") if $httponly = $self->httponly; 256,263d253 < < sub httponly { # HttpOnly < my $self = shift; < my $httponly = shift; < $self->{'httponly'} = $httponly if defined $httponly; < return $self->{'httponly'}; < } < 350,362d339 < =item B<4. httponly flag> < < If the "httponly" attribute is set, the cookie will only be accessible < through HTTP Requests. This cookie will be inaccessible via JavaScript < (to prevent XSS attacks). < < But, currently this feature only used and recognised by < MS Internet Explorer 6 Service Pack 1 and later. < < See this URL for more information: < < L<http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp> < 397,399d373 < B<-httponly> if set to a true value, the cookie will not be accessible < via JavaScript. <
Download (untitled) / with headers
text/plain 340b
Thanks! Your patches will appear in version 2.22. The next time you generate a patch, you should put the original filename *before* the new filename. Otherwise you create a reverse patch that will undo what you are attempting to accomplish. Also it is a good idea to use the -u, -N, and -a options, as described in the patch documentation.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.