search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* lread.c (lisp_file_lexically_bound_p): Fix hang at ";-*-\n".
[emacs.git] / lisp / url / url-cookie.el
blobe6ff9bf7dea41c9bf154c8111e4b81578b9c3164
1 ;;; url-cookie.el --- URL cookie support
2
3 ;; Copyright (C) 1996-1999, 2004-2012 Free Software Foundation, Inc.
4
5 ;; Keywords: comm, data, processes, hypermedia
6
7 ;; This file is part of GNU Emacs.
8 ;;
9 ;; GNU Emacs is free software: you can redistribute it and/or modify
10 ;; it under the terms of the GNU General Public License as published by
11 ;; the Free Software Foundation, either version 3 of the License, or
12 ;; (at your option) any later version.
13
14 ;; GNU Emacs is distributed in the hope that it will be useful,
15 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;; GNU General Public License for more details.
18
19 ;; You should have received a copy of the GNU General Public License
20 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
21
22 ;;; Commentary:
23
24 ;;; Code:
25
26 (require 'url-util)
27 (require 'url-parse)
28
29 (eval-when-compile (require 'cl)) ; defstruct
30
31 (defgroup url-cookie nil
32 "URL cookies."
33 :prefix "url-"
34 :prefix "url-cookie-"
35 :group 'url)
36
37 ;; A cookie is stored internally as a vector of 7 slots
38 ;; [ url-cookie NAME VALUE EXPIRES LOCALPART DOMAIN SECURE ]
39
40 (defstruct (url-cookie
41 (:constructor url-cookie-create)
42 (:copier nil)
43 (:type vector)
44 :named)
45 name value expires localpart domain secure)
46
47 (defvar url-cookie-storage nil "Where cookies are stored.")
48 (defvar url-cookie-secure-storage nil "Where secure cookies are stored.")
49 (defcustom url-cookie-file nil
50 "File where cookies are stored on disk."
51 :type '(choice (const :tag "Default" :value nil) file)
52 :group 'url-file
53 :group 'url-cookie)
54
55 (defcustom url-cookie-confirmation nil
56 "If non-nil, confirmation by the user is required to accept HTTP cookies."
57 :type 'boolean
58 :group 'url-cookie)
59
60 (defcustom url-cookie-multiple-line nil
61 "If nil, HTTP requests put all cookies for the server on one line.
62 Some web servers, such as http://www.hotmail.com/, only accept cookies
63 when they are on one line. This is broken behavior, but just try
64 telling Microsoft that."
65 :type 'boolean
66 :group 'url-cookie)
67
68 (defvar url-cookies-changed-since-last-save nil
69 "Whether the cookies list has changed since the last save operation.")
70
71 (defun url-cookie-parse-file (&optional fname)
72 "Load FNAME, default `url-cookie-file'."
73 ;; It's completely normal for the cookies file not to exist yet.
74 (load (or fname url-cookie-file) t t))
75
76 (defun url-cookie-clean-up (&optional secure)
77 (let ((var (if secure 'url-cookie-secure-storage 'url-cookie-storage))
78 new new-cookies)
79 (dolist (cur (symbol-value var))
80 (setq new-cookies nil)
81 (dolist (cur-cookie (cdr cur))
82 (or (not (url-cookie-p cur-cookie))
83 (url-cookie-expired-p cur-cookie)
84 (null (url-cookie-expires cur-cookie))
85 (setq new-cookies (cons cur-cookie new-cookies))))
86 (when new-cookies
87 (setcdr cur new-cookies)
88 (setq new (cons cur new))))
89 (set var new)))
90
91 (defun url-cookie-write-file (&optional fname)
92 (when url-cookies-changed-since-last-save
93 (or fname (setq fname (expand-file-name url-cookie-file)))
94 (if (condition-case nil
95 (progn
96 (url-make-private-file fname)
97 nil)
98 (error t))
99 (message "Error accessing cookie file `%s'" fname)
100 (url-cookie-clean-up)
101 (url-cookie-clean-up t)
102 (with-temp-buffer
103 (insert ";; Emacs-W3 HTTP cookies file\n"
104 ";; Automatically generated file!!! DO NOT EDIT!!!\n\n"
105 "(setq url-cookie-storage\n '")
106 (pp url-cookie-storage (current-buffer))
107 (insert ")\n(setq url-cookie-secure-storage\n '")
108 (pp url-cookie-secure-storage (current-buffer))
109 (insert ")\n")
110 (insert "\f\n;; Local Variables:\n"
111 ";; version-control: never\n"
112 ";; no-byte-compile: t\n"
113 ";; End:\n")
114 (set (make-local-variable 'version-control) 'never)
115 (write-file fname))
116 (setq url-cookies-changed-since-last-save nil))))
117
118 (defun url-cookie-store (name value &optional expires domain localpart secure)
119 "Store a cookie."
120 (let ((storage (if secure url-cookie-secure-storage url-cookie-storage))
121 tmp found-domain)
122 ;; First, look for a matching domain.
123 (if (setq found-domain (assoc domain storage))
124 ;; Need to either stick the new cookie in existing domain storage
125 ;; or possibly replace an existing cookie if the names match.
126 (unless (dolist (cur (setq storage (cdr found-domain)) tmp)
127 (and (equal localpart (url-cookie-localpart cur))
128 (equal name (url-cookie-name cur))
129 (progn
130 (setf (url-cookie-expires cur) expires)
131 (setf (url-cookie-value cur) value)
132 (setq tmp t))))
133 ;; New cookie.
134 (setcdr found-domain (cons
135 (url-cookie-create :name name
136 :value value
137 :expires expires
138 :domain domain
139 :localpart localpart
140 :secure secure)
141 (cdr found-domain))))
142 ;; Need to add a new top-level domain.
143 (setq tmp (url-cookie-create :name name
144 :value value
145 :expires expires
146 :domain domain
147 :localpart localpart
148 :secure secure))
149 (cond (storage
150 (setcdr storage (cons (list domain tmp) (cdr storage))))
151 (secure
152 (setq url-cookie-secure-storage (list (list domain tmp))))
153 (t
154 (setq url-cookie-storage (list (list domain tmp))))))))
155
156 (defun url-cookie-expired-p (cookie)
157 "Return non-nil if COOKIE is expired."
158 (let ((exp (url-cookie-expires cookie)))
159 (and (> (length exp) 0)
160 (> (float-time) (float-time (date-to-time exp))))))
161
162 (defun url-cookie-retrieve (host &optional localpart secure)
163 "Retrieve all cookies for a specified HOST and LOCALPART."
164 (let ((storage (if secure
165 (append url-cookie-secure-storage url-cookie-storage)
166 url-cookie-storage))
167 (case-fold-search t)
168 cookies retval localpart-match)
169 (dolist (cur storage)
170 (setq cookies (cdr cur))
171 (if (and (car cur)
172 (string-match
173 (concat "^.*"
174 (regexp-quote
175 ;; Remove the dot from wildcard domains
176 ;; before matching.
177 (if (eq ?. (aref (car cur) 0))
178 (substring (car cur) 1)
179 (car cur)))
180 "$") host))
181 ;; The domains match - a possible hit!
182 (dolist (cur cookies)
183 (and (if (and (stringp
184 (setq localpart-match (url-cookie-localpart cur)))
185 (stringp localpart))
186 (string-match (concat "^" (regexp-quote localpart-match))
187 localpart)
188 (equal localpart localpart-match))
189 (not (url-cookie-expired-p cur))
190 (setq retval (cons cur retval))))))
191 retval))
192
193 (defun url-cookie-generate-header-lines (host localpart secure)
194 (let ((cookies (url-cookie-retrieve host localpart secure))
195 retval chunk)
196 ;; Have to sort this for sending most specific cookies first.
197 (setq cookies (and cookies
198 (sort cookies
199 (lambda (x y)
200 (> (length (url-cookie-localpart x))
201 (length (url-cookie-localpart y)))))))
202 (dolist (cur cookies)
203 (setq chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur))
204 retval (if (and url-cookie-multiple-line
205 (< 80 (+ (length retval) (length chunk) 4)))
206 (concat retval "\r\nCookie: " chunk)
207 (if retval
208 (concat retval "; " chunk)
209 (concat "Cookie: " chunk)))))
210 (if retval
211 (concat retval "\r\n")
212 "")))
213
214 (defvar url-cookie-two-dot-domains
215 (concat "\\.\\("
216 (mapconcat 'identity (list "com" "edu" "net" "org" "gov" "mil" "int")
217 "\\|")
218 "\\)$")
219 "A regexp of top level domains that only require two matching
220 '.'s in the domain name in order to set a cookie.")
221
222 (defcustom url-cookie-trusted-urls nil
223 "A list of regular expressions matching URLs to always accept cookies from."
224 :type '(repeat regexp)
225 :group 'url-cookie)
226
227 (defcustom url-cookie-untrusted-urls nil
228 "A list of regular expressions matching URLs to never accept cookies from."
229 :type '(repeat regexp)
230 :group 'url-cookie)
231
232 (defun url-cookie-host-can-set-p (host domain)
233 (let ((numdots 0)
234 (last nil)
235 (case-fold-search t)
236 (mindots 3))
237 (while (setq last (string-match "\\." domain last))
238 (setq numdots (1+ numdots)
239 last (1+ last)))
240 (if (string-match url-cookie-two-dot-domains domain)
241 (setq mindots 2))
242 (cond
243 ((string= host domain) ; Apparently netscape lets you do this
244 t)
245 ((>= numdots mindots) ; We have enough dots in domain name
246 ;; Need to check and make sure the host is actually _in_ the
247 ;; domain it wants to set a cookie for though.
248 (string-match (concat (regexp-quote
249 ;; Remove the dot from wildcard domains
250 ;; before matching.
251 (if (eq ?. (aref domain 0))
252 (substring domain 1)
253 domain))
254 "$") host))
255 (t
256 nil))))
257
258 (defun url-cookie-handle-set-cookie (str)
259 (setq url-cookies-changed-since-last-save t)
260 (let* ((args (url-parse-args str t))
261 (case-fold-search t)
262 (secure (and (assoc-string "secure" args t) t))
263 (domain (or (cdr-safe (assoc-string "domain" args t))
264 (url-host url-current-object)))
265 (current-url (url-view-url t))
266 (trusted url-cookie-trusted-urls)
267 (untrusted url-cookie-untrusted-urls)
268 (expires (cdr-safe (assoc-string "expires" args t)))
269 (localpart (or (cdr-safe (assoc-string "path" args t))
270 (file-name-directory
271 (url-filename url-current-object))))
272 (rest nil))
273 (dolist (this args)
274 (or (member (downcase (car this)) '("secure" "domain" "expires" "path"))
275 (setq rest (cons this rest))))
276
277 ;; Sometimes we get dates that the timezone package cannot handle very
278 ;; gracefully - take care of this here, instead of in url-cookie-expired-p
279 ;; to speed things up.
280 (and expires
281 (string-match
282 (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +"
283 "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$")
284 expires)
285 (setq expires (concat (match-string 1 expires) " "
286 (match-string 2 expires) " "
287 (match-string 3 expires) " "
288 (match-string 4 expires) " ["
289 (match-string 5 expires) "]")))
290
291 ;; This one is for older Emacs/XEmacs variants that don't
292 ;; understand this format without tenths of a second in it.
293 ;; Wednesday, 30-Dec-2037 16:00:00 GMT
294 ;; - vs -
295 ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT
296 (and expires
297 (string-match
298 "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)"
299 expires)
300 (setq expires (concat (match-string 1 expires) "-" ; day
301 (match-string 2 expires) "-" ; month
302 (match-string 3 expires) " " ; year
303 (match-string 4 expires) ".00 " ; hour:minutes:seconds
304 (match-string 6 expires)))) ":" ; timezone
305
306 (while (consp trusted)
307 (if (string-match (car trusted) current-url)
308 (setq trusted (- (match-end 0) (match-beginning 0)))
309 (pop trusted)))
310 (while (consp untrusted)
311 (if (string-match (car untrusted) current-url)
312 (setq untrusted (- (match-end 0) (match-beginning 0)))
313 (pop untrusted)))
314 (and trusted untrusted
315 ;; Choose the more specific match.
316 (set (if (> trusted untrusted) 'untrusted 'trusted) nil))
317 (cond
318 (untrusted
319 ;; The site was explicitly marked as untrusted by the user.
320 nil)
321 ((or (eq url-privacy-level 'paranoid)
322 (and (listp url-privacy-level) (memq 'cookies url-privacy-level)))
323 ;; User never wants cookies.
324 nil)
325 ((and url-cookie-confirmation
326 (not trusted)
327 (save-window-excursion
328 (with-output-to-temp-buffer "*Cookie Warning*"
329 (dolist (x rest)
330 (princ (format "%s - %s" (car x) (cdr x)))))
331 (prog1
332 (not (funcall url-confirmation-func
333 (format "Allow %s to set these cookies? "
334 (url-host url-current-object))))
335 (if (get-buffer "*Cookie Warning*")
336 (kill-buffer "*Cookie Warning*")))))
337 ;; User wants to be asked, and declined.
338 nil)
339 ((url-cookie-host-can-set-p (url-host url-current-object) domain)
340 ;; Cookie is accepted by the user, and passes our security checks.
341 (dolist (cur rest)
342 (url-cookie-store (car cur) (cdr cur) expires domain localpart secure)))
343 (t
344 (url-lazy-message "%s tried to set a cookie for domain %s - rejected."
345 (url-host url-current-object) domain)))))
346
347 (defvar url-cookie-timer nil)
348
349 (defcustom url-cookie-save-interval 3600
350 "The number of seconds between automatic saves of cookies.
351 Default is 1 hour. Note that if you change this variable outside of
352 the `customize' interface after `url-do-setup' has been run, you need
353 to run the `url-cookie-setup-save-timer' function manually."
354 :set #'(lambda (var val)
355 (set-default var val)
356 (if (bound-and-true-p url-setup-done)
357 (url-cookie-setup-save-timer)))
358 :type 'integer
359 :group 'url-cookie)
360
361 (defun url-cookie-setup-save-timer ()
362 "Reset the cookie saver timer."
363 (interactive)
364 (ignore-errors (cancel-timer url-cookie-timer))
365 (setq url-cookie-timer nil)
366 (if url-cookie-save-interval
367 (setq url-cookie-timer (run-at-time url-cookie-save-interval
368 url-cookie-save-interval
369 #'url-cookie-write-file))))
370
371 (provide 'url-cookie)
372
373 ;;; url-cookie.el ends here
Emacs repository mirror