Commit | Line | Data |
---|---|---|
8c8b8430 | 1 | ;;; url-cookie.el --- Netscape Cookie support |
10c3c720 | 2 | |
71ddfde5 | 3 | ;; Copyright (C) 1996, 1997, 1998, 1999, 2004, |
ae940284 | 4 | ;; 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. |
10c3c720 | 5 | |
8c8b8430 SM |
6 | ;; Keywords: comm, data, processes, hypermedia |
7 | ||
10c3c720 SM |
8 | ;; This file is part of GNU Emacs. |
9 | ;; | |
4936186e | 10 | ;; GNU Emacs is free software: you can redistribute it and/or modify |
10c3c720 | 11 | ;; it under the terms of the GNU General Public License as published by |
4936186e GM |
12 | ;; the Free Software Foundation, either version 3 of the License, or |
13 | ;; (at your option) any later version. | |
14 | ||
10c3c720 SM |
15 | ;; GNU Emacs is distributed in the hope that it will be useful, |
16 | ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;; GNU General Public License for more details. | |
4936186e | 19 | |
10c3c720 | 20 | ;; You should have received a copy of the GNU General Public License |
4936186e | 21 | ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. |
10c3c720 SM |
22 | |
23 | ;;; Commentary: | |
24 | ||
25 | ;;; Code: | |
8c8b8430 SM |
26 | |
27 | (require 'timezone) | |
28 | (require 'url-util) | |
29 | (require 'url-parse) | |
30 | (eval-when-compile (require 'cl)) | |
31 | ||
32 | ;; See http://home.netscape.com/newsref/std/cookie_spec.html for the | |
33 | ;; 'open standard' defining this crap. | |
8c8b8430 SM |
34 | |
35 | (defgroup url-cookie nil | |
5d9f30c6 | 36 | "URL cookies." |
8c8b8430 SM |
37 | :prefix "url-" |
38 | :prefix "url-cookie-" | |
39 | :group 'url) | |
40 | ||
495fa7db SM |
41 | ;; A cookie is stored internally as a vector of 7 slots |
42 | ;; [ cookie NAME VALUE EXPIRES LOCALPART DOMAIN SECURE ] | |
43 | ||
44 | (defstruct (url-cookie | |
45 | (:constructor url-cookie-create) | |
46 | (:copier nil) | |
47 | ;; For compatibility with a previous version which did not use | |
48 | ;; defstruct, and also in order to make sure that the printed | |
49 | ;; representation does not depend on CL internals, we use an | |
50 | ;; explicitly managed tag. | |
51 | (:type vector)) | |
52 | (tag 'cookie :read-only t) | |
53 | name value expires localpart domain secure) | |
54 | ||
8c8b8430 SM |
55 | (defvar url-cookie-storage nil "Where cookies are stored.") |
56 | (defvar url-cookie-secure-storage nil "Where secure cookies are stored.") | |
9f8a95cd | 57 | (defcustom url-cookie-file nil |
bc684c16 | 58 | "File where cookies are stored on disk." |
8c8b8430 SM |
59 | :type '(choice (const :tag "Default" :value nil) file) |
60 | :group 'url-file | |
61 | :group 'url-cookie) | |
62 | ||
63 | (defcustom url-cookie-confirmation nil | |
bc684c16 | 64 | "If non-nil, confirmation by the user is required to accept HTTP cookies." |
8c8b8430 SM |
65 | :type 'boolean |
66 | :group 'url-cookie) | |
67 | ||
68 | (defcustom url-cookie-multiple-line nil | |
bc684c16 | 69 | "If nil, HTTP requests put all cookies for the server on one line. |
8c8b8430 | 70 | Some web servers, such as http://www.hotmail.com/, only accept cookies |
eb88139e | 71 | when they are on one line. This is broken behavior, but just try |
93c8c9cd JB |
72 | telling Microsoft that." |
73 | :type 'boolean | |
74 | :group 'url-cookie) | |
8c8b8430 SM |
75 | |
76 | (defvar url-cookies-changed-since-last-save nil | |
77 | "Whether the cookies list has changed since the last save operation.") | |
78 | ||
8c8b8430 SM |
79 | (defun url-cookie-parse-file (&optional fname) |
80 | (setq fname (or fname url-cookie-file)) | |
81 | (condition-case () | |
82 | (load fname nil t) | |
72a30be4 SM |
83 | (error |
84 | ;; It's completely normal for the cookies file not to exist yet. | |
85 | ;; (message "Could not load cookie file %s" fname) | |
86 | ))) | |
8c8b8430 | 87 | |
36176341 | 88 | (declare-function url-cookie-p "url-cookie" t t) ; defstruct |
ba40adb4 | 89 | |
8c8b8430 SM |
90 | (defun url-cookie-clean-up (&optional secure) |
91 | (let* ( | |
92 | (var (if secure 'url-cookie-secure-storage 'url-cookie-storage)) | |
93 | (val (symbol-value var)) | |
94 | (cur nil) | |
95 | (new nil) | |
96 | (cookies nil) | |
97 | (cur-cookie nil) | |
98 | (new-cookies nil) | |
99 | ) | |
100 | (while val | |
101 | (setq cur (car val) | |
102 | val (cdr val) | |
103 | new-cookies nil | |
104 | cookies (cdr cur)) | |
105 | (while cookies | |
106 | (setq cur-cookie (car cookies) | |
107 | cookies (cdr cookies)) | |
108 | (if (or (not (url-cookie-p cur-cookie)) | |
109 | (url-cookie-expired-p cur-cookie) | |
110 | (null (url-cookie-expires cur-cookie))) | |
111 | nil | |
112 | (setq new-cookies (cons cur-cookie new-cookies)))) | |
113 | (if (not new-cookies) | |
114 | nil | |
115 | (setcdr cur new-cookies) | |
116 | (setq new (cons cur new)))) | |
117 | (set var new))) | |
118 | ||
8c8b8430 | 119 | (defun url-cookie-write-file (&optional fname) |
4e44324a GM |
120 | (when url-cookies-changed-since-last-save |
121 | (or fname (setq fname (expand-file-name url-cookie-file))) | |
122 | (if (condition-case nil | |
123 | (progn | |
124 | (url-make-private-file fname) | |
125 | nil) | |
126 | (error t)) | |
127 | (message "Error accessing cookie file `%s'" fname) | |
8c8b8430 SM |
128 | (url-cookie-clean-up) |
129 | (url-cookie-clean-up t) | |
4e44324a | 130 | (with-temp-buffer |
8c8b8430 SM |
131 | (insert ";; Emacs-W3 HTTP cookies file\n" |
132 | ";; Automatically generated file!!! DO NOT EDIT!!!\n\n" | |
133 | "(setq url-cookie-storage\n '") | |
134 | (pp url-cookie-storage (current-buffer)) | |
135 | (insert ")\n(setq url-cookie-secure-storage\n '") | |
136 | (pp url-cookie-secure-storage (current-buffer)) | |
137 | (insert ")\n") | |
7660c02f | 138 | (insert "\f\n;; Local Variables:\n" |
bc684c16 SM |
139 | ";; version-control: never\n" |
140 | ";; no-byte-compile: t\n" | |
141 | ";; End:\n") | |
7660c02f | 142 | (set (make-local-variable 'version-control) 'never) |
4e44324a GM |
143 | (write-file fname)) |
144 | (setq url-cookies-changed-since-last-save nil)))) | |
8c8b8430 | 145 | |
9f8a95cd | 146 | (defun url-cookie-store (name value &optional expires domain localpart secure) |
10c3c720 | 147 | "Store a netscape-style cookie." |
8c8b8430 SM |
148 | (let* ((storage (if secure url-cookie-secure-storage url-cookie-storage)) |
149 | (tmp storage) | |
150 | (cur nil) | |
151 | (found-domain nil)) | |
152 | ||
153 | ;; First, look for a matching domain | |
154 | (setq found-domain (assoc domain storage)) | |
155 | ||
156 | (if found-domain | |
157 | ;; Need to either stick the new cookie in existing domain storage | |
158 | ;; or possibly replace an existing cookie if the names match. | |
159 | (progn | |
160 | (setq storage (cdr found-domain) | |
161 | tmp nil) | |
162 | (while storage | |
163 | (setq cur (car storage) | |
164 | storage (cdr storage)) | |
9f8a95cd | 165 | (if (and (equal localpart (url-cookie-localpart cur)) |
8c8b8430 SM |
166 | (equal name (url-cookie-name cur))) |
167 | (progn | |
495fa7db SM |
168 | (setf (url-cookie-expires cur) expires) |
169 | (setf (url-cookie-value cur) value) | |
8c8b8430 SM |
170 | (setq tmp t)))) |
171 | (if (not tmp) | |
172 | ;; New cookie | |
173 | (setcdr found-domain (cons | |
174 | (url-cookie-create :name name | |
175 | :value value | |
176 | :expires expires | |
177 | :domain domain | |
9f8a95cd | 178 | :localpart localpart |
8c8b8430 SM |
179 | :secure secure) |
180 | (cdr found-domain))))) | |
181 | ;; Need to add a new top-level domain | |
182 | (setq tmp (url-cookie-create :name name | |
183 | :value value | |
184 | :expires expires | |
185 | :domain domain | |
9f8a95cd | 186 | :localpart localpart |
8c8b8430 SM |
187 | :secure secure)) |
188 | (cond | |
189 | (storage | |
190 | (setcdr storage (cons (list domain tmp) (cdr storage)))) | |
191 | (secure | |
192 | (setq url-cookie-secure-storage (list (list domain tmp)))) | |
193 | (t | |
194 | (setq url-cookie-storage (list (list domain tmp)))))))) | |
195 | ||
196 | (defun url-cookie-expired-p (cookie) | |
197 | (let* ( | |
198 | (exp (url-cookie-expires cookie)) | |
199 | (cur-date (and exp (timezone-parse-date (current-time-string)))) | |
200 | (exp-date (and exp (timezone-parse-date exp))) | |
201 | (cur-greg (and cur-date (timezone-absolute-from-gregorian | |
216d3806 JB |
202 | (string-to-number (aref cur-date 1)) |
203 | (string-to-number (aref cur-date 2)) | |
204 | (string-to-number (aref cur-date 0))))) | |
8c8b8430 | 205 | (exp-greg (and exp (timezone-absolute-from-gregorian |
216d3806 JB |
206 | (string-to-number (aref exp-date 1)) |
207 | (string-to-number (aref exp-date 2)) | |
208 | (string-to-number (aref exp-date 0))))) | |
8c8b8430 SM |
209 | (diff-in-days (and exp (- cur-greg exp-greg))) |
210 | ) | |
211 | (cond | |
212 | ((not exp) nil) ; No expiry == expires at browser quit | |
213 | ((< diff-in-days 0) nil) ; Expires sometime after today | |
214 | ((> diff-in-days 0) t) ; Expired before today | |
215 | (t ; Expires sometime today, check times | |
216 | (let* ((cur-time (timezone-parse-time (aref cur-date 3))) | |
217 | (exp-time (timezone-parse-time (aref exp-date 3))) | |
216d3806 JB |
218 | (cur-norm (+ (* 360 (string-to-number (aref cur-time 2))) |
219 | (* 60 (string-to-number (aref cur-time 1))) | |
220 | (* 1 (string-to-number (aref cur-time 0))))) | |
221 | (exp-norm (+ (* 360 (string-to-number (aref exp-time 2))) | |
222 | (* 60 (string-to-number (aref exp-time 1))) | |
223 | (* 1 (string-to-number (aref exp-time 0)))))) | |
8c8b8430 SM |
224 | (> (- cur-norm exp-norm) 1)))))) |
225 | ||
033535de | 226 | (defun url-cookie-retrieve (host &optional localpart secure) |
9f8a95cd | 227 | "Retrieve all the netscape-style cookies for a specified HOST and LOCALPART." |
8c8b8430 SM |
228 | (let ((storage (if secure |
229 | (append url-cookie-secure-storage url-cookie-storage) | |
230 | url-cookie-storage)) | |
231 | (case-fold-search t) | |
232 | (cookies nil) | |
233 | (cur nil) | |
234 | (retval nil) | |
033535de | 235 | (localpart-match nil)) |
8c8b8430 SM |
236 | (while storage |
237 | (setq cur (car storage) | |
238 | storage (cdr storage) | |
239 | cookies (cdr cur)) | |
240 | (if (and (car cur) | |
b4ddc815 CY |
241 | (string-match |
242 | (concat "^.*" | |
243 | (regexp-quote | |
244 | ;; Remove the dot from wildcard domains | |
245 | ;; before matching. | |
246 | (if (eq ?. (aref (car cur) 0)) | |
247 | (substring (car cur) 1) | |
248 | (car cur))) | |
249 | "$") host)) | |
8c8b8430 SM |
250 | ;; The domains match - a possible hit! |
251 | (while cookies | |
252 | (setq cur (car cookies) | |
253 | cookies (cdr cookies) | |
033535de CY |
254 | localpart-match (let ((lp (url-cookie-localpart cur))) |
255 | (when lp | |
256 | (concat "^" (regexp-quote lp))))) | |
257 | (if (and (equal localpart localpart-match) | |
8c8b8430 SM |
258 | (not (url-cookie-expired-p cur))) |
259 | (setq retval (cons cur retval)))))) | |
260 | retval)) | |
261 | ||
9f8a95cd RS |
262 | (defun url-cookie-generate-header-lines (host localpart secure) |
263 | (let* ((cookies (url-cookie-retrieve host localpart secure)) | |
264 | (retval nil) | |
265 | (cur nil) | |
266 | (chunk nil)) | |
8c8b8430 SM |
267 | ;; Have to sort this for sending most specific cookies first |
268 | (setq cookies (and cookies | |
269 | (sort cookies | |
270 | (function | |
271 | (lambda (x y) | |
9f8a95cd RS |
272 | (> (length (url-cookie-localpart x)) |
273 | (length (url-cookie-localpart y)))))))) | |
8c8b8430 SM |
274 | (while cookies |
275 | (setq cur (car cookies) | |
276 | cookies (cdr cookies) | |
277 | chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur)) | |
278 | retval (if (and url-cookie-multiple-line | |
279 | (< 80 (+ (length retval) (length chunk) 4))) | |
280 | (concat retval "\r\nCookie: " chunk) | |
281 | (if retval | |
282 | (concat retval "; " chunk) | |
283 | (concat "Cookie: " chunk))))) | |
284 | (if retval | |
285 | (concat retval "\r\n") | |
286 | ""))) | |
287 | ||
288 | (defvar url-cookie-two-dot-domains | |
289 | (concat "\\.\\(" | |
290 | (mapconcat 'identity (list "com" "edu" "net" "org" "gov" "mil" "int") | |
291 | "\\|") | |
292 | "\\)$") | |
10c3c720 | 293 | "A regexp of top level domains that only require two matching |
8c8b8430 SM |
294 | '.'s in the domain name in order to set a cookie.") |
295 | ||
296 | (defcustom url-cookie-trusted-urls nil | |
bc684c16 | 297 | "A list of regular expressions matching URLs to always accept cookies from." |
8c8b8430 SM |
298 | :type '(repeat regexp) |
299 | :group 'url-cookie) | |
300 | ||
301 | (defcustom url-cookie-untrusted-urls nil | |
bc684c16 | 302 | "A list of regular expressions matching URLs to never accept cookies from." |
8c8b8430 SM |
303 | :type '(repeat regexp) |
304 | :group 'url-cookie) | |
305 | ||
306 | (defun url-cookie-host-can-set-p (host domain) | |
307 | (let ((numdots 0) | |
8c8b8430 SM |
308 | (last nil) |
309 | (case-fold-search t) | |
310 | (mindots 3)) | |
311 | (while (setq last (string-match "\\." domain last)) | |
312 | (setq numdots (1+ numdots) | |
313 | last (1+ last))) | |
314 | (if (string-match url-cookie-two-dot-domains domain) | |
315 | (setq mindots 2)) | |
316 | (cond | |
317 | ((string= host domain) ; Apparently netscape lets you do this | |
318 | t) | |
319 | ((>= numdots mindots) ; We have enough dots in domain name | |
320 | ;; Need to check and make sure the host is actually _in_ the | |
321 | ;; domain it wants to set a cookie for though. | |
b4ddc815 CY |
322 | (string-match (concat (regexp-quote |
323 | ;; Remove the dot from wildcard domains | |
324 | ;; before matching. | |
325 | (if (eq ?. (aref domain 0)) | |
326 | (substring domain 1) | |
327 | domain)) | |
328 | "$") host)) | |
8c8b8430 SM |
329 | (t |
330 | nil)))) | |
331 | ||
8c8b8430 SM |
332 | (defun url-cookie-handle-set-cookie (str) |
333 | (setq url-cookies-changed-since-last-save t) | |
334 | (let* ((args (url-parse-args str t)) | |
335 | (case-fold-search t) | |
6e56e526 JPW |
336 | (secure (and (assoc-string "secure" args t) t)) |
337 | (domain (or (cdr-safe (assoc-string "domain" args t)) | |
8c8b8430 SM |
338 | (url-host url-current-object))) |
339 | (current-url (url-view-url t)) | |
340 | (trusted url-cookie-trusted-urls) | |
341 | (untrusted url-cookie-untrusted-urls) | |
6e56e526 | 342 | (expires (cdr-safe (assoc-string "expires" args t))) |
9f8a95cd RS |
343 | (localpart (or (cdr-safe (assoc-string "path" args t)) |
344 | (file-name-directory | |
345 | (url-filename url-current-object)))) | |
8c8b8430 SM |
346 | (rest nil)) |
347 | (while args | |
348 | (if (not (member (downcase (car (car args))) | |
349 | '("secure" "domain" "expires" "path"))) | |
350 | (setq rest (cons (car args) rest))) | |
351 | (setq args (cdr args))) | |
352 | ||
353 | ;; Sometimes we get dates that the timezone package cannot handle very | |
354 | ;; gracefully - take care of this here, instead of in url-cookie-expired-p | |
355 | ;; to speed things up. | |
356 | (if (and expires | |
357 | (string-match | |
358 | (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +" | |
359 | "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$") | |
360 | expires)) | |
361 | (setq expires (concat (match-string 1 expires) " " | |
362 | (match-string 2 expires) " " | |
363 | (match-string 3 expires) " " | |
364 | (match-string 4 expires) " [" | |
365 | (match-string 5 expires) "]"))) | |
366 | ||
367 | ;; This one is for older Emacs/XEmacs variants that don't | |
368 | ;; understand this format without tenths of a second in it. | |
369 | ;; Wednesday, 30-Dec-2037 16:00:00 GMT | |
370 | ;; - vs - | |
371 | ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT | |
372 | (if (and expires | |
373 | (string-match | |
374 | "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)" | |
375 | expires)) | |
376 | (setq expires (concat (match-string 1 expires) "-" ; day | |
377 | (match-string 2 expires) "-" ; month | |
378 | (match-string 3 expires) " " ; year | |
379 | (match-string 4 expires) ".00 " ; hour:minutes:seconds | |
380 | (match-string 6 expires)))) ":" ; timezone | |
6e56e526 | 381 | |
8c8b8430 SM |
382 | (while (consp trusted) |
383 | (if (string-match (car trusted) current-url) | |
384 | (setq trusted (- (match-end 0) (match-beginning 0))) | |
385 | (pop trusted))) | |
386 | (while (consp untrusted) | |
387 | (if (string-match (car untrusted) current-url) | |
388 | (setq untrusted (- (match-end 0) (match-beginning 0))) | |
389 | (pop untrusted))) | |
390 | (if (and trusted untrusted) | |
391 | ;; Choose the more specific match | |
392 | (if (> trusted untrusted) | |
393 | (setq untrusted nil) | |
394 | (setq trusted nil))) | |
395 | (cond | |
396 | (untrusted | |
397 | ;; The site was explicity marked as untrusted by the user | |
398 | nil) | |
399 | ((or (eq url-privacy-level 'paranoid) | |
400 | (and (listp url-privacy-level) (memq 'cookies url-privacy-level))) | |
401 | ;; user never wants cookies | |
402 | nil) | |
403 | ((and url-cookie-confirmation | |
404 | (not trusted) | |
405 | (save-window-excursion | |
406 | (with-output-to-temp-buffer "*Cookie Warning*" | |
407 | (mapcar | |
408 | (function | |
409 | (lambda (x) | |
410 | (princ (format "%s - %s" (car x) (cdr x))))) rest)) | |
411 | (prog1 | |
412 | (not (funcall url-confirmation-func | |
413 | (format "Allow %s to set these cookies? " | |
414 | (url-host url-current-object)))) | |
415 | (if (get-buffer "*Cookie Warning*") | |
416 | (kill-buffer "*Cookie Warning*"))))) | |
417 | ;; user wants to be asked, and declined. | |
418 | nil) | |
419 | ((url-cookie-host-can-set-p (url-host url-current-object) domain) | |
420 | ;; Cookie is accepted by the user, and passes our security checks | |
421 | (let ((cur nil)) | |
422 | (while rest | |
423 | (setq cur (pop rest)) | |
424 | (url-cookie-store (car cur) (cdr cur) | |
9f8a95cd | 425 | expires domain localpart secure)))) |
8c8b8430 SM |
426 | (t |
427 | (message "%s tried to set a cookie for domain %s - rejected." | |
428 | (url-host url-current-object) domain))))) | |
429 | ||
430 | (defvar url-cookie-timer nil) | |
431 | ||
432 | (defcustom url-cookie-save-interval 3600 | |
bc684c16 | 433 | "The number of seconds between automatic saves of cookies. |
8c8b8430 SM |
434 | Default is 1 hour. Note that if you change this variable outside of |
435 | the `customize' interface after `url-do-setup' has been run, you need | |
436 | to run the `url-cookie-setup-save-timer' function manually." | |
0c069924 RS |
437 | :set #'(lambda (var val) |
438 | (set-default var val) | |
439 | (if (bound-and-true-p url-setup-done) | |
440 | (url-cookie-setup-save-timer))) | |
8c8b8430 | 441 | :type 'integer |
bc684c16 | 442 | :group 'url-cookie) |
8c8b8430 | 443 | |
8c8b8430 SM |
444 | (defun url-cookie-setup-save-timer () |
445 | "Reset the cookie saver timer." | |
446 | (interactive) | |
0c069924 | 447 | (ignore-errors (cancel-timer url-cookie-timer)) |
10c3c720 SM |
448 | (setq url-cookie-timer nil) |
449 | (if url-cookie-save-interval | |
0c069924 RS |
450 | (setq url-cookie-timer (run-at-time url-cookie-save-interval |
451 | url-cookie-save-interval | |
452 | #'url-cookie-write-file)))) | |
8c8b8430 SM |
453 | |
454 | (provide 'url-cookie) | |
455 | ||
10c3c720 SM |
456 | ;; arch-tag: 2568751b-6452-4398-aa2d-303edadb54d7 |
457 | ;;; url-cookie.el ends here |