Commit | Line | Data |
---|---|---|
105a786f | 1 | ;;; url-cookie.el --- URL cookie support |
10c3c720 | 2 | |
c4ae64d1 | 3 | ;; Copyright (C) 1996, 1997, 1998, 1999, 2004, 2005, 2006, 2007, 2008, |
5df4f04c | 4 | ;; 2009, 2010, 2011 Free Software Foundation, Inc. |
10c3c720 | 5 | |
8c8b8430 SM |
6 | ;; Keywords: comm, data, processes, hypermedia |
7 | ||
10c3c720 SM |
8 | ;; This file is part of GNU Emacs. |
9 | ;; | |
4936186e | 10 | ;; GNU Emacs is free software: you can redistribute it and/or modify |
10c3c720 | 11 | ;; it under the terms of the GNU General Public License as published by |
4936186e GM |
12 | ;; the Free Software Foundation, either version 3 of the License, or |
13 | ;; (at your option) any later version. | |
14 | ||
10c3c720 SM |
15 | ;; GNU Emacs is distributed in the hope that it will be useful, |
16 | ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;; GNU General Public License for more details. | |
4936186e | 19 | |
10c3c720 | 20 | ;; You should have received a copy of the GNU General Public License |
4936186e | 21 | ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. |
10c3c720 SM |
22 | |
23 | ;;; Commentary: | |
24 | ||
25 | ;;; Code: | |
8c8b8430 | 26 | |
8c8b8430 SM |
27 | (require 'url-util) |
28 | (require 'url-parse) | |
8c8b8430 | 29 | |
3cbc281e MB |
30 | (eval-when-compile (require 'cl)) ; defstruct |
31 | ||
8c8b8430 | 32 | (defgroup url-cookie nil |
5d9f30c6 | 33 | "URL cookies." |
8c8b8430 SM |
34 | :prefix "url-" |
35 | :prefix "url-cookie-" | |
36 | :group 'url) | |
37 | ||
495fa7db SM |
38 | ;; A cookie is stored internally as a vector of 7 slots |
39 | ;; [ cookie NAME VALUE EXPIRES LOCALPART DOMAIN SECURE ] | |
40 | ||
41 | (defstruct (url-cookie | |
42 | (:constructor url-cookie-create) | |
43 | (:copier nil) | |
44 | ;; For compatibility with a previous version which did not use | |
45 | ;; defstruct, and also in order to make sure that the printed | |
46 | ;; representation does not depend on CL internals, we use an | |
47 | ;; explicitly managed tag. | |
48 | (:type vector)) | |
49 | (tag 'cookie :read-only t) | |
50 | name value expires localpart domain secure) | |
51 | ||
8c8b8430 SM |
52 | (defvar url-cookie-storage nil "Where cookies are stored.") |
53 | (defvar url-cookie-secure-storage nil "Where secure cookies are stored.") | |
9f8a95cd | 54 | (defcustom url-cookie-file nil |
bc684c16 | 55 | "File where cookies are stored on disk." |
8c8b8430 SM |
56 | :type '(choice (const :tag "Default" :value nil) file) |
57 | :group 'url-file | |
58 | :group 'url-cookie) | |
59 | ||
60 | (defcustom url-cookie-confirmation nil | |
bc684c16 | 61 | "If non-nil, confirmation by the user is required to accept HTTP cookies." |
8c8b8430 SM |
62 | :type 'boolean |
63 | :group 'url-cookie) | |
64 | ||
65 | (defcustom url-cookie-multiple-line nil | |
bc684c16 | 66 | "If nil, HTTP requests put all cookies for the server on one line. |
8c8b8430 | 67 | Some web servers, such as http://www.hotmail.com/, only accept cookies |
eb88139e | 68 | when they are on one line. This is broken behavior, but just try |
93c8c9cd JB |
69 | telling Microsoft that." |
70 | :type 'boolean | |
71 | :group 'url-cookie) | |
8c8b8430 SM |
72 | |
73 | (defvar url-cookies-changed-since-last-save nil | |
74 | "Whether the cookies list has changed since the last save operation.") | |
75 | ||
8c8b8430 | 76 | (defun url-cookie-parse-file (&optional fname) |
105a786f GM |
77 | "Load FNAME, default `url-cookie-file'." |
78 | ;; It's completely normal for the cookies file not to exist yet. | |
79 | (load (or fname url-cookie-file) t t)) | |
8c8b8430 | 80 | |
36176341 | 81 | (declare-function url-cookie-p "url-cookie" t t) ; defstruct |
ba40adb4 | 82 | |
8c8b8430 | 83 | (defun url-cookie-clean-up (&optional secure) |
105a786f GM |
84 | (let ((var (if secure 'url-cookie-secure-storage 'url-cookie-storage)) |
85 | new new-cookies) | |
86 | (dolist (cur (symbol-value var)) | |
87 | (setq new-cookies nil) | |
88 | (dolist (cur-cookie (cdr cur)) | |
89 | (or (not (url-cookie-p cur-cookie)) | |
90 | (url-cookie-expired-p cur-cookie) | |
91 | (null (url-cookie-expires cur-cookie)) | |
92 | (setq new-cookies (cons cur-cookie new-cookies)))) | |
93 | (when new-cookies | |
8c8b8430 SM |
94 | (setcdr cur new-cookies) |
95 | (setq new (cons cur new)))) | |
96 | (set var new))) | |
97 | ||
8c8b8430 | 98 | (defun url-cookie-write-file (&optional fname) |
4e44324a GM |
99 | (when url-cookies-changed-since-last-save |
100 | (or fname (setq fname (expand-file-name url-cookie-file))) | |
101 | (if (condition-case nil | |
102 | (progn | |
103 | (url-make-private-file fname) | |
104 | nil) | |
105 | (error t)) | |
106 | (message "Error accessing cookie file `%s'" fname) | |
8c8b8430 SM |
107 | (url-cookie-clean-up) |
108 | (url-cookie-clean-up t) | |
4e44324a | 109 | (with-temp-buffer |
8c8b8430 SM |
110 | (insert ";; Emacs-W3 HTTP cookies file\n" |
111 | ";; Automatically generated file!!! DO NOT EDIT!!!\n\n" | |
112 | "(setq url-cookie-storage\n '") | |
113 | (pp url-cookie-storage (current-buffer)) | |
114 | (insert ")\n(setq url-cookie-secure-storage\n '") | |
115 | (pp url-cookie-secure-storage (current-buffer)) | |
116 | (insert ")\n") | |
7660c02f | 117 | (insert "\f\n;; Local Variables:\n" |
bc684c16 SM |
118 | ";; version-control: never\n" |
119 | ";; no-byte-compile: t\n" | |
120 | ";; End:\n") | |
7660c02f | 121 | (set (make-local-variable 'version-control) 'never) |
4e44324a GM |
122 | (write-file fname)) |
123 | (setq url-cookies-changed-since-last-save nil)))) | |
8c8b8430 | 124 | |
9f8a95cd | 125 | (defun url-cookie-store (name value &optional expires domain localpart secure) |
105a786f GM |
126 | "Store a cookie." |
127 | (let ((storage (if secure url-cookie-secure-storage url-cookie-storage)) | |
128 | tmp found-domain) | |
129 | ;; First, look for a matching domain. | |
130 | (if (setq found-domain (assoc domain storage)) | |
8c8b8430 SM |
131 | ;; Need to either stick the new cookie in existing domain storage |
132 | ;; or possibly replace an existing cookie if the names match. | |
105a786f GM |
133 | (unless (dolist (cur (setq storage (cdr found-domain)) tmp) |
134 | (and (equal localpart (url-cookie-localpart cur)) | |
135 | (equal name (url-cookie-name cur)) | |
136 | (progn | |
137 | (setf (url-cookie-expires cur) expires) | |
138 | (setf (url-cookie-value cur) value) | |
139 | (setq tmp t)))) | |
140 | ;; New cookie. | |
141 | (setcdr found-domain (cons | |
142 | (url-cookie-create :name name | |
143 | :value value | |
144 | :expires expires | |
145 | :domain domain | |
146 | :localpart localpart | |
147 | :secure secure) | |
148 | (cdr found-domain)))) | |
149 | ;; Need to add a new top-level domain. | |
8c8b8430 SM |
150 | (setq tmp (url-cookie-create :name name |
151 | :value value | |
152 | :expires expires | |
153 | :domain domain | |
9f8a95cd | 154 | :localpart localpart |
8c8b8430 | 155 | :secure secure)) |
105a786f GM |
156 | (cond (storage |
157 | (setcdr storage (cons (list domain tmp) (cdr storage)))) | |
158 | (secure | |
159 | (setq url-cookie-secure-storage (list (list domain tmp)))) | |
160 | (t | |
161 | (setq url-cookie-storage (list (list domain tmp)))))))) | |
8c8b8430 SM |
162 | |
163 | (defun url-cookie-expired-p (cookie) | |
c4ae64d1 GM |
164 | "Return non-nil if COOKIE is expired." |
165 | (let ((exp (url-cookie-expires cookie))) | |
166 | (and exp (> (float-time) (float-time (date-to-time exp)))))) | |
8c8b8430 | 167 | |
033535de | 168 | (defun url-cookie-retrieve (host &optional localpart secure) |
37bf6ce2 | 169 | "Retrieve all cookies for a specified HOST and LOCALPART." |
8c8b8430 SM |
170 | (let ((storage (if secure |
171 | (append url-cookie-secure-storage url-cookie-storage) | |
172 | url-cookie-storage)) | |
173 | (case-fold-search t) | |
105a786f GM |
174 | cookies retval localpart-match) |
175 | (dolist (cur storage) | |
176 | (setq cookies (cdr cur)) | |
8c8b8430 | 177 | (if (and (car cur) |
b4ddc815 CY |
178 | (string-match |
179 | (concat "^.*" | |
180 | (regexp-quote | |
181 | ;; Remove the dot from wildcard domains | |
182 | ;; before matching. | |
183 | (if (eq ?. (aref (car cur) 0)) | |
184 | (substring (car cur) 1) | |
185 | (car cur))) | |
186 | "$") host)) | |
8c8b8430 | 187 | ;; The domains match - a possible hit! |
105a786f GM |
188 | (dolist (cur cookies) |
189 | (and (if (and (stringp | |
190 | (setq localpart-match (url-cookie-localpart cur))) | |
191 | (stringp localpart)) | |
192 | (string-match (concat "^" (regexp-quote localpart-match)) | |
193 | localpart) | |
194 | (equal localpart localpart-match)) | |
195 | (not (url-cookie-expired-p cur)) | |
196 | (setq retval (cons cur retval)))))) | |
8c8b8430 SM |
197 | retval)) |
198 | ||
9f8a95cd | 199 | (defun url-cookie-generate-header-lines (host localpart secure) |
105a786f GM |
200 | (let ((cookies (url-cookie-retrieve host localpart secure)) |
201 | retval chunk) | |
202 | ;; Have to sort this for sending most specific cookies first. | |
8c8b8430 SM |
203 | (setq cookies (and cookies |
204 | (sort cookies | |
105a786f GM |
205 | (lambda (x y) |
206 | (> (length (url-cookie-localpart x)) | |
207 | (length (url-cookie-localpart y))))))) | |
208 | (dolist (cur cookies) | |
209 | (setq chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur)) | |
8c8b8430 SM |
210 | retval (if (and url-cookie-multiple-line |
211 | (< 80 (+ (length retval) (length chunk) 4))) | |
212 | (concat retval "\r\nCookie: " chunk) | |
213 | (if retval | |
214 | (concat retval "; " chunk) | |
215 | (concat "Cookie: " chunk))))) | |
216 | (if retval | |
217 | (concat retval "\r\n") | |
218 | ""))) | |
219 | ||
220 | (defvar url-cookie-two-dot-domains | |
221 | (concat "\\.\\(" | |
222 | (mapconcat 'identity (list "com" "edu" "net" "org" "gov" "mil" "int") | |
223 | "\\|") | |
224 | "\\)$") | |
10c3c720 | 225 | "A regexp of top level domains that only require two matching |
8c8b8430 SM |
226 | '.'s in the domain name in order to set a cookie.") |
227 | ||
228 | (defcustom url-cookie-trusted-urls nil | |
bc684c16 | 229 | "A list of regular expressions matching URLs to always accept cookies from." |
8c8b8430 SM |
230 | :type '(repeat regexp) |
231 | :group 'url-cookie) | |
232 | ||
233 | (defcustom url-cookie-untrusted-urls nil | |
bc684c16 | 234 | "A list of regular expressions matching URLs to never accept cookies from." |
8c8b8430 SM |
235 | :type '(repeat regexp) |
236 | :group 'url-cookie) | |
237 | ||
238 | (defun url-cookie-host-can-set-p (host domain) | |
239 | (let ((numdots 0) | |
8c8b8430 SM |
240 | (last nil) |
241 | (case-fold-search t) | |
242 | (mindots 3)) | |
243 | (while (setq last (string-match "\\." domain last)) | |
244 | (setq numdots (1+ numdots) | |
245 | last (1+ last))) | |
246 | (if (string-match url-cookie-two-dot-domains domain) | |
247 | (setq mindots 2)) | |
248 | (cond | |
249 | ((string= host domain) ; Apparently netscape lets you do this | |
250 | t) | |
251 | ((>= numdots mindots) ; We have enough dots in domain name | |
252 | ;; Need to check and make sure the host is actually _in_ the | |
253 | ;; domain it wants to set a cookie for though. | |
b4ddc815 CY |
254 | (string-match (concat (regexp-quote |
255 | ;; Remove the dot from wildcard domains | |
256 | ;; before matching. | |
257 | (if (eq ?. (aref domain 0)) | |
258 | (substring domain 1) | |
259 | domain)) | |
260 | "$") host)) | |
8c8b8430 SM |
261 | (t |
262 | nil)))) | |
263 | ||
8c8b8430 SM |
264 | (defun url-cookie-handle-set-cookie (str) |
265 | (setq url-cookies-changed-since-last-save t) | |
266 | (let* ((args (url-parse-args str t)) | |
267 | (case-fold-search t) | |
6e56e526 JPW |
268 | (secure (and (assoc-string "secure" args t) t)) |
269 | (domain (or (cdr-safe (assoc-string "domain" args t)) | |
8c8b8430 SM |
270 | (url-host url-current-object))) |
271 | (current-url (url-view-url t)) | |
272 | (trusted url-cookie-trusted-urls) | |
273 | (untrusted url-cookie-untrusted-urls) | |
6e56e526 | 274 | (expires (cdr-safe (assoc-string "expires" args t))) |
9f8a95cd RS |
275 | (localpart (or (cdr-safe (assoc-string "path" args t)) |
276 | (file-name-directory | |
277 | (url-filename url-current-object)))) | |
8c8b8430 | 278 | (rest nil)) |
105a786f GM |
279 | (dolist (this args) |
280 | (or (member (downcase (car this)) '("secure" "domain" "expires" "path")) | |
281 | (setq rest (cons this rest)))) | |
8c8b8430 SM |
282 | |
283 | ;; Sometimes we get dates that the timezone package cannot handle very | |
284 | ;; gracefully - take care of this here, instead of in url-cookie-expired-p | |
285 | ;; to speed things up. | |
105a786f GM |
286 | (and expires |
287 | (string-match | |
288 | (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +" | |
289 | "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$") | |
290 | expires) | |
291 | (setq expires (concat (match-string 1 expires) " " | |
292 | (match-string 2 expires) " " | |
293 | (match-string 3 expires) " " | |
294 | (match-string 4 expires) " [" | |
295 | (match-string 5 expires) "]"))) | |
8c8b8430 SM |
296 | |
297 | ;; This one is for older Emacs/XEmacs variants that don't | |
298 | ;; understand this format without tenths of a second in it. | |
299 | ;; Wednesday, 30-Dec-2037 16:00:00 GMT | |
300 | ;; - vs - | |
301 | ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT | |
105a786f GM |
302 | (and expires |
303 | (string-match | |
304 | "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)" | |
305 | expires) | |
306 | (setq expires (concat (match-string 1 expires) "-" ; day | |
307 | (match-string 2 expires) "-" ; month | |
308 | (match-string 3 expires) " " ; year | |
309 | (match-string 4 expires) ".00 " ; hour:minutes:seconds | |
310 | (match-string 6 expires)))) ":" ; timezone | |
6e56e526 | 311 | |
8c8b8430 SM |
312 | (while (consp trusted) |
313 | (if (string-match (car trusted) current-url) | |
314 | (setq trusted (- (match-end 0) (match-beginning 0))) | |
315 | (pop trusted))) | |
316 | (while (consp untrusted) | |
317 | (if (string-match (car untrusted) current-url) | |
318 | (setq untrusted (- (match-end 0) (match-beginning 0))) | |
319 | (pop untrusted))) | |
105a786f GM |
320 | (and trusted untrusted |
321 | ;; Choose the more specific match. | |
322 | (set (if (> trusted untrusted) 'untrusted 'trusted) nil)) | |
8c8b8430 SM |
323 | (cond |
324 | (untrusted | |
105a786f | 325 | ;; The site was explicity marked as untrusted by the user. |
8c8b8430 SM |
326 | nil) |
327 | ((or (eq url-privacy-level 'paranoid) | |
328 | (and (listp url-privacy-level) (memq 'cookies url-privacy-level))) | |
105a786f | 329 | ;; User never wants cookies. |
8c8b8430 SM |
330 | nil) |
331 | ((and url-cookie-confirmation | |
332 | (not trusted) | |
333 | (save-window-excursion | |
334 | (with-output-to-temp-buffer "*Cookie Warning*" | |
335 | (mapcar | |
105a786f GM |
336 | (lambda (x) |
337 | (princ (format "%s - %s" (car x) (cdr x)))) rest)) | |
8c8b8430 SM |
338 | (prog1 |
339 | (not (funcall url-confirmation-func | |
340 | (format "Allow %s to set these cookies? " | |
341 | (url-host url-current-object)))) | |
342 | (if (get-buffer "*Cookie Warning*") | |
343 | (kill-buffer "*Cookie Warning*"))))) | |
105a786f | 344 | ;; User wants to be asked, and declined. |
8c8b8430 SM |
345 | nil) |
346 | ((url-cookie-host-can-set-p (url-host url-current-object) domain) | |
105a786f GM |
347 | ;; Cookie is accepted by the user, and passes our security checks. |
348 | (dolist (cur rest) | |
349 | (url-cookie-store (car cur) (cdr cur) expires domain localpart secure))) | |
8c8b8430 | 350 | (t |
82b9f9f5 LMI |
351 | (url-lazy-message "%s tried to set a cookie for domain %s - rejected." |
352 | (url-host url-current-object) domain))))) | |
8c8b8430 SM |
353 | |
354 | (defvar url-cookie-timer nil) | |
355 | ||
356 | (defcustom url-cookie-save-interval 3600 | |
bc684c16 | 357 | "The number of seconds between automatic saves of cookies. |
8c8b8430 SM |
358 | Default is 1 hour. Note that if you change this variable outside of |
359 | the `customize' interface after `url-do-setup' has been run, you need | |
360 | to run the `url-cookie-setup-save-timer' function manually." | |
0c069924 RS |
361 | :set #'(lambda (var val) |
362 | (set-default var val) | |
363 | (if (bound-and-true-p url-setup-done) | |
364 | (url-cookie-setup-save-timer))) | |
8c8b8430 | 365 | :type 'integer |
bc684c16 | 366 | :group 'url-cookie) |
8c8b8430 | 367 | |
8c8b8430 SM |
368 | (defun url-cookie-setup-save-timer () |
369 | "Reset the cookie saver timer." | |
370 | (interactive) | |
0c069924 | 371 | (ignore-errors (cancel-timer url-cookie-timer)) |
10c3c720 SM |
372 | (setq url-cookie-timer nil) |
373 | (if url-cookie-save-interval | |
0c069924 RS |
374 | (setq url-cookie-timer (run-at-time url-cookie-save-interval |
375 | url-cookie-save-interval | |
376 | #'url-cookie-write-file)))) | |
8c8b8430 SM |
377 | |
378 | (provide 'url-cookie) | |
379 | ||
10c3c720 | 380 | ;;; url-cookie.el ends here |