From: hniksic <devnull@localhost>
Date: Mon, 18 Jun 2001 18:49:33 +0000 (-0700)
Subject: [svn] Allow more characters in attribute name.
X-Git-Tag: v1.13~2092
X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=e98fca84a3d8aee764e6f57da647415bfa37821f

[svn] Allow more characters in attribute name.
Published in <sxsr8wi9jeo.fsf@florida.arsdigita.de>.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 2eedc987..66cfca9d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2001-06-18  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+	* cookies.c (ATTR_NAME_CHAR): Allow almost any character to be in
+	an attribute name.
+
 2001-06-18  Hrvoje Niksic  <hniksic@arsdigita.com>
 
 	* url.c (url_filename): Make sure that slashes that sneak in to
diff --git a/src/cookies.c b/src/cookies.c
index b70c3423..0a021839 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -418,9 +418,16 @@ update_cookie_field (struct cookie *cookie,
 #undef NAME_IS
 
 /* Returns non-zero for characters that are legal in the name of an
-   attribute.  */
-
-#define ATTR_NAME_CHAR(c) (ISALNUM (c) || (c) == '-' || (c) == '_')
+   attribute.  This used to allow only alphanumerics, '-', and '_',
+   but we need to be more lenient because a number of sites wants to
+   use weirder attribute names.  rfc2965 "informally specifies"
+   attribute name (token) as "a sequence of non-special, non-white
+   space characters".  So we allow everything except the stuff we know
+   could harm us.  */
+
+#define ATTR_NAME_CHAR(c) ((c) > 32 && (c) < 127	\
+			   && (c) != '"' && (c) != '='	\
+			   && (c) != ';' && (c) != ',')
 
 /* Fetch the next character without doing anything special if CH gets
    set to 0.  (The code executed next is expected to handle it.)  */