]> code.delx.au - gnu-emacs/blob - lisp/url/url-cookie.el
delx.au / code / gnu-emacs / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
* emulation/cua-base.el (cua--init-keymaps):
[gnu-emacs] / lisp / url / url-cookie.el
1 ;;; url-cookie.el --- URL cookie support
2
3 ;; Copyright (C) 1996, 1997, 1998, 1999, 2004, 2005, 2006, 2007, 2008,
4 ;; 2009, 2010 Free Software Foundation, Inc.
5
6 ;; Keywords: comm, data, processes, hypermedia
7
8 ;; This file is part of GNU Emacs.
9 ;;
10 ;; GNU Emacs is free software: you can redistribute it and/or modify
11 ;; it under the terms of the GNU General Public License as published by
12 ;; the Free Software Foundation, either version 3 of the License, or
13 ;; (at your option) any later version.
14
15 ;; GNU Emacs is distributed in the hope that it will be useful,
16 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;; GNU General Public License for more details.
19
20 ;; You should have received a copy of the GNU General Public License
21 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
22
23 ;;; Commentary:
24
25 ;;; Code:
26
27 (require 'url-util)
28 (require 'url-parse)
29
30 (eval-when-compile (require 'cl)) ; defstruct
31
32 (defgroup url-cookie nil
33 "URL cookies."
34 :prefix "url-"
35 :prefix "url-cookie-"
36 :group 'url)
37
38 ;; A cookie is stored internally as a vector of 7 slots
39 ;; [ cookie NAME VALUE EXPIRES LOCALPART DOMAIN SECURE ]
40
41 (defstruct (url-cookie
42 (:constructor url-cookie-create)
43 (:copier nil)
44 ;; For compatibility with a previous version which did not use
45 ;; defstruct, and also in order to make sure that the printed
46 ;; representation does not depend on CL internals, we use an
47 ;; explicitly managed tag.
48 (:type vector))
49 (tag 'cookie :read-only t)
50 name value expires localpart domain secure)
51
52 (defvar url-cookie-storage nil "Where cookies are stored.")
53 (defvar url-cookie-secure-storage nil "Where secure cookies are stored.")
54 (defcustom url-cookie-file nil
55 "File where cookies are stored on disk."
56 :type '(choice (const :tag "Default" :value nil) file)
57 :group 'url-file
58 :group 'url-cookie)
59
60 (defcustom url-cookie-confirmation nil
61 "If non-nil, confirmation by the user is required to accept HTTP cookies."
62 :type 'boolean
63 :group 'url-cookie)
64
65 (defcustom url-cookie-multiple-line nil
66 "If nil, HTTP requests put all cookies for the server on one line.
67 Some web servers, such as http://www.hotmail.com/, only accept cookies
68 when they are on one line. This is broken behavior, but just try
69 telling Microsoft that."
70 :type 'boolean
71 :group 'url-cookie)
72
73 (defvar url-cookies-changed-since-last-save nil
74 "Whether the cookies list has changed since the last save operation.")
75
76 (defun url-cookie-parse-file (&optional fname)
77 "Load FNAME, default `url-cookie-file'."
78 ;; It's completely normal for the cookies file not to exist yet.
79 (load (or fname url-cookie-file) t t))
80
81 (declare-function url-cookie-p "url-cookie" t t) ; defstruct
82
83 (defun url-cookie-clean-up (&optional secure)
84 (let ((var (if secure 'url-cookie-secure-storage 'url-cookie-storage))
85 new new-cookies)
86 (dolist (cur (symbol-value var))
87 (setq new-cookies nil)
88 (dolist (cur-cookie (cdr cur))
89 (or (not (url-cookie-p cur-cookie))
90 (url-cookie-expired-p cur-cookie)
91 (null (url-cookie-expires cur-cookie))
92 (setq new-cookies (cons cur-cookie new-cookies))))
93 (when new-cookies
94 (setcdr cur new-cookies)
95 (setq new (cons cur new))))
96 (set var new)))
97
98 (defun url-cookie-write-file (&optional fname)
99 (when url-cookies-changed-since-last-save
100 (or fname (setq fname (expand-file-name url-cookie-file)))
101 (if (condition-case nil
102 (progn
103 (url-make-private-file fname)
104 nil)
105 (error t))
106 (message "Error accessing cookie file `%s'" fname)
107 (url-cookie-clean-up)
108 (url-cookie-clean-up t)
109 (with-temp-buffer
110 (insert ";; Emacs-W3 HTTP cookies file\n"
111 ";; Automatically generated file!!! DO NOT EDIT!!!\n\n"
112 "(setq url-cookie-storage\n '")
113 (pp url-cookie-storage (current-buffer))
114 (insert ")\n(setq url-cookie-secure-storage\n '")
115 (pp url-cookie-secure-storage (current-buffer))
116 (insert ")\n")
117 (insert "\f\n;; Local Variables:\n"
118 ";; version-control: never\n"
119 ";; no-byte-compile: t\n"
120 ";; End:\n")
121 (set (make-local-variable 'version-control) 'never)
122 (write-file fname))
123 (setq url-cookies-changed-since-last-save nil))))
124
125 (defun url-cookie-store (name value &optional expires domain localpart secure)
126 "Store a cookie."
127 (let ((storage (if secure url-cookie-secure-storage url-cookie-storage))
128 tmp found-domain)
129 ;; First, look for a matching domain.
130 (if (setq found-domain (assoc domain storage))
131 ;; Need to either stick the new cookie in existing domain storage
132 ;; or possibly replace an existing cookie if the names match.
133 (unless (dolist (cur (setq storage (cdr found-domain)) tmp)
134 (and (equal localpart (url-cookie-localpart cur))
135 (equal name (url-cookie-name cur))
136 (progn
137 (setf (url-cookie-expires cur) expires)
138 (setf (url-cookie-value cur) value)
139 (setq tmp t))))
140 ;; New cookie.
141 (setcdr found-domain (cons
142 (url-cookie-create :name name
143 :value value
144 :expires expires
145 :domain domain
146 :localpart localpart
147 :secure secure)
148 (cdr found-domain))))
149 ;; Need to add a new top-level domain.
150 (setq tmp (url-cookie-create :name name
151 :value value
152 :expires expires
153 :domain domain
154 :localpart localpart
155 :secure secure))
156 (cond (storage
157 (setcdr storage (cons (list domain tmp) (cdr storage))))
158 (secure
159 (setq url-cookie-secure-storage (list (list domain tmp))))
160 (t
161 (setq url-cookie-storage (list (list domain tmp))))))))
162
163 (defun url-cookie-expired-p (cookie)
164 "Return non-nil if COOKIE is expired."
165 (let ((exp (url-cookie-expires cookie)))
166 (and exp (> (float-time) (float-time (date-to-time exp))))))
167
168 (defun url-cookie-retrieve (host &optional localpart secure)
169 "Retrieve all cookies for a specified HOST and LOCALPART."
170 (let ((storage (if secure
171 (append url-cookie-secure-storage url-cookie-storage)
172 url-cookie-storage))
173 (case-fold-search t)
174 cookies retval localpart-match)
175 (dolist (cur storage)
176 (setq cookies (cdr cur))
177 (if (and (car cur)
178 (string-match
179 (concat "^.*"
180 (regexp-quote
181 ;; Remove the dot from wildcard domains
182 ;; before matching.
183 (if (eq ?. (aref (car cur) 0))
184 (substring (car cur) 1)
185 (car cur)))
186 "$") host))
187 ;; The domains match - a possible hit!
188 (dolist (cur cookies)
189 (and (if (and (stringp
190 (setq localpart-match (url-cookie-localpart cur)))
191 (stringp localpart))
192 (string-match (concat "^" (regexp-quote localpart-match))
193 localpart)
194 (equal localpart localpart-match))
195 (not (url-cookie-expired-p cur))
196 (setq retval (cons cur retval))))))
197 retval))
198
199 (defun url-cookie-generate-header-lines (host localpart secure)
200 (let ((cookies (url-cookie-retrieve host localpart secure))
201 retval chunk)
202 ;; Have to sort this for sending most specific cookies first.
203 (setq cookies (and cookies
204 (sort cookies
205 (lambda (x y)
206 (> (length (url-cookie-localpart x))
207 (length (url-cookie-localpart y)))))))
208 (dolist (cur cookies)
209 (setq chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur))
210 retval (if (and url-cookie-multiple-line
211 (< 80 (+ (length retval) (length chunk) 4)))
212 (concat retval "\r\nCookie: " chunk)
213 (if retval
214 (concat retval "; " chunk)
215 (concat "Cookie: " chunk)))))
216 (if retval
217 (concat retval "\r\n")
218 "")))
219
220 (defvar url-cookie-two-dot-domains
221 (concat "\\.\\("
222 (mapconcat 'identity (list "com" "edu" "net" "org" "gov" "mil" "int")
223 "\\|")
224 "\\)$")
225 "A regexp of top level domains that only require two matching
226 '.'s in the domain name in order to set a cookie.")
227
228 (defcustom url-cookie-trusted-urls nil
229 "A list of regular expressions matching URLs to always accept cookies from."
230 :type '(repeat regexp)
231 :group 'url-cookie)
232
233 (defcustom url-cookie-untrusted-urls nil
234 "A list of regular expressions matching URLs to never accept cookies from."
235 :type '(repeat regexp)
236 :group 'url-cookie)
237
238 (defun url-cookie-host-can-set-p (host domain)
239 (let ((numdots 0)
240 (last nil)
241 (case-fold-search t)
242 (mindots 3))
243 (while (setq last (string-match "\\." domain last))
244 (setq numdots (1+ numdots)
245 last (1+ last)))
246 (if (string-match url-cookie-two-dot-domains domain)
247 (setq mindots 2))
248 (cond
249 ((string= host domain) ; Apparently netscape lets you do this
250 t)
251 ((>= numdots mindots) ; We have enough dots in domain name
252 ;; Need to check and make sure the host is actually _in_ the
253 ;; domain it wants to set a cookie for though.
254 (string-match (concat (regexp-quote
255 ;; Remove the dot from wildcard domains
256 ;; before matching.
257 (if (eq ?. (aref domain 0))
258 (substring domain 1)
259 domain))
260 "$") host))
261 (t
262 nil))))
263
264 (defun url-cookie-handle-set-cookie (str)
265 (setq url-cookies-changed-since-last-save t)
266 (let* ((args (url-parse-args str t))
267 (case-fold-search t)
268 (secure (and (assoc-string "secure" args t) t))
269 (domain (or (cdr-safe (assoc-string "domain" args t))
270 (url-host url-current-object)))
271 (current-url (url-view-url t))
272 (trusted url-cookie-trusted-urls)
273 (untrusted url-cookie-untrusted-urls)
274 (expires (cdr-safe (assoc-string "expires" args t)))
275 (localpart (or (cdr-safe (assoc-string "path" args t))
276 (file-name-directory
277 (url-filename url-current-object))))
278 (rest nil))
279 (dolist (this args)
280 (or (member (downcase (car this)) '("secure" "domain" "expires" "path"))
281 (setq rest (cons this rest))))
282
283 ;; Sometimes we get dates that the timezone package cannot handle very
284 ;; gracefully - take care of this here, instead of in url-cookie-expired-p
285 ;; to speed things up.
286 (and expires
287 (string-match
288 (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +"
289 "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$")
290 expires)
291 (setq expires (concat (match-string 1 expires) " "
292 (match-string 2 expires) " "
293 (match-string 3 expires) " "
294 (match-string 4 expires) " ["
295 (match-string 5 expires) "]")))
296
297 ;; This one is for older Emacs/XEmacs variants that don't
298 ;; understand this format without tenths of a second in it.
299 ;; Wednesday, 30-Dec-2037 16:00:00 GMT
300 ;; - vs -
301 ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT
302 (and expires
303 (string-match
304 "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)"
305 expires)
306 (setq expires (concat (match-string 1 expires) "-" ; day
307 (match-string 2 expires) "-" ; month
308 (match-string 3 expires) " " ; year
309 (match-string 4 expires) ".00 " ; hour:minutes:seconds
310 (match-string 6 expires)))) ":" ; timezone
311
312 (while (consp trusted)
313 (if (string-match (car trusted) current-url)
314 (setq trusted (- (match-end 0) (match-beginning 0)))
315 (pop trusted)))
316 (while (consp untrusted)
317 (if (string-match (car untrusted) current-url)
318 (setq untrusted (- (match-end 0) (match-beginning 0)))
319 (pop untrusted)))
320 (and trusted untrusted
321 ;; Choose the more specific match.
322 (set (if (> trusted untrusted) 'untrusted 'trusted) nil))
323 (cond
324 (untrusted
325 ;; The site was explicity marked as untrusted by the user.
326 nil)
327 ((or (eq url-privacy-level 'paranoid)
328 (and (listp url-privacy-level) (memq 'cookies url-privacy-level)))
329 ;; User never wants cookies.
330 nil)
331 ((and url-cookie-confirmation
332 (not trusted)
333 (save-window-excursion
334 (with-output-to-temp-buffer "*Cookie Warning*"
335 (mapcar
336 (lambda (x)
337 (princ (format "%s - %s" (car x) (cdr x)))) rest))
338 (prog1
339 (not (funcall url-confirmation-func
340 (format "Allow %s to set these cookies? "
341 (url-host url-current-object))))
342 (if (get-buffer "*Cookie Warning*")
343 (kill-buffer "*Cookie Warning*")))))
344 ;; User wants to be asked, and declined.
345 nil)
346 ((url-cookie-host-can-set-p (url-host url-current-object) domain)
347 ;; Cookie is accepted by the user, and passes our security checks.
348 (dolist (cur rest)
349 (url-cookie-store (car cur) (cdr cur) expires domain localpart secure)))
350 (t
351 (url-lazy-message "%s tried to set a cookie for domain %s - rejected."
352 (url-host url-current-object) domain)))))
353
354 (defvar url-cookie-timer nil)
355
356 (defcustom url-cookie-save-interval 3600
357 "The number of seconds between automatic saves of cookies.
358 Default is 1 hour. Note that if you change this variable outside of
359 the `customize' interface after `url-do-setup' has been run, you need
360 to run the `url-cookie-setup-save-timer' function manually."
361 :set #'(lambda (var val)
362 (set-default var val)
363 (if (bound-and-true-p url-setup-done)
364 (url-cookie-setup-save-timer)))
365 :type 'integer
366 :group 'url-cookie)
367
368 (defun url-cookie-setup-save-timer ()
369 "Reset the cookie saver timer."
370 (interactive)
371 (ignore-errors (cancel-timer url-cookie-timer))
372 (setq url-cookie-timer nil)
373 (if url-cookie-save-interval
374 (setq url-cookie-timer (run-at-time url-cookie-save-interval
375 url-cookie-save-interval
376 #'url-cookie-write-file))))
377
378 (provide 'url-cookie)
379
380 ;;; url-cookie.el ends here