# frozen_string_literal: true

[0] Fix | Delete

require_relative 'util'

[1] Fix | Delete

class CGI

[2] Fix | Delete

# Class representing an HTTP cookie.

[3] Fix | Delete

#

[4] Fix | Delete

# In addition to its specific fields and methods, a Cookie instance

[5] Fix | Delete

# is a delegator to the array of its values.

[6] Fix | Delete

#

[7] Fix | Delete

# See RFC 2965.

[8] Fix | Delete

#

[9] Fix | Delete

# == Examples of use

[10] Fix | Delete

# cookie1 = CGI::Cookie.new("name", "value1", "value2", ...)

[11] Fix | Delete

# cookie1 = CGI::Cookie.new("name" => "name", "value" => "value")

[12] Fix | Delete

# cookie1 = CGI::Cookie.new('name' => 'name',

[13] Fix | Delete

# 'value' => ['value1', 'value2', ...],

[14] Fix | Delete

# 'path' => 'path', # optional

[15] Fix | Delete

# 'domain' => 'domain', # optional

[16] Fix | Delete

# 'expires' => Time.now, # optional

[17] Fix | Delete

# 'secure' => true, # optional

[18] Fix | Delete

# 'httponly' => true # optional

[19] Fix | Delete

# )

[20] Fix | Delete

#

[21] Fix | Delete

# cgi.out("cookie" => [cookie1, cookie2]) { "string" }

[22] Fix | Delete

#

[23] Fix | Delete

# name = cookie1.name

[24] Fix | Delete

# values = cookie1.value

[25] Fix | Delete

# path = cookie1.path

[26] Fix | Delete

# domain = cookie1.domain

[27] Fix | Delete

# expires = cookie1.expires

[28] Fix | Delete

# secure = cookie1.secure

[29] Fix | Delete

# httponly = cookie1.httponly

[30] Fix | Delete

#

[31] Fix | Delete

# cookie1.name = 'name'

[32] Fix | Delete

# cookie1.value = ['value1', 'value2', ...]

[33] Fix | Delete

# cookie1.path = 'path'

[34] Fix | Delete

# cookie1.domain = 'domain'

[35] Fix | Delete

# cookie1.expires = Time.now + 30

[36] Fix | Delete

# cookie1.secure = true

[37] Fix | Delete

# cookie1.httponly = true

[38] Fix | Delete

class Cookie < Array

[39] Fix | Delete

@@accept_charset="UTF-8" unless defined?(@@accept_charset)

[40] Fix | Delete

[41] Fix | Delete

TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"

[42] Fix | Delete

PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"

[43] Fix | Delete

DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"

[44] Fix | Delete

[45] Fix | Delete

# Create a new CGI::Cookie object.

[46] Fix | Delete

#

[47] Fix | Delete

# :call-seq:

[48] Fix | Delete

# Cookie.new(name_string,*value)

[49] Fix | Delete

# Cookie.new(options_hash)

[50] Fix | Delete

#

[51] Fix | Delete

# +name_string+::

[52] Fix | Delete

# The name of the cookie; in this form, there is no #domain or

[53] Fix | Delete

# #expiration. The #path is gleaned from the +SCRIPT_NAME+ environment

[54] Fix | Delete

# variable, and #secure is false.

[55] Fix | Delete

# <tt>*value</tt>::

[56] Fix | Delete

# value or list of values of the cookie

[57] Fix | Delete

# +options_hash+::

[58] Fix | Delete

# A Hash of options to initialize this Cookie. Possible options are:

[59] Fix | Delete

#

[60] Fix | Delete

# name:: the name of the cookie. Required.

[61] Fix | Delete

# value:: the cookie's value or list of values.

[62] Fix | Delete

# path:: the path for which this cookie applies. Defaults to

[63] Fix | Delete

# the value of the +SCRIPT_NAME+ environment variable.

[64] Fix | Delete

# domain:: the domain for which this cookie applies.

[65] Fix | Delete

# expires:: the time at which this cookie expires, as a +Time+ object.

[66] Fix | Delete

# secure:: whether this cookie is a secure cookie or not (default to

[67] Fix | Delete

# false). Secure cookies are only transmitted to HTTPS

[68] Fix | Delete

# servers.

[69] Fix | Delete

# httponly:: whether this cookie is a HttpOnly cookie or not (default to

[70] Fix | Delete

# false). HttpOnly cookies are not available to javascript.

[71] Fix | Delete

#

[72] Fix | Delete

# These keywords correspond to attributes of the cookie object.

[73] Fix | Delete

def initialize(name = "", *value)

[74] Fix | Delete

@domain = nil

[75] Fix | Delete

@expires = nil

[76] Fix | Delete

if name.kind_of?(String)

[77] Fix | Delete

self.name = name

[78] Fix | Delete

self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")

[79] Fix | Delete

@secure = false

[80] Fix | Delete

@httponly = false

[81] Fix | Delete

return super(value)

[82] Fix | Delete

end

[83] Fix | Delete

[84] Fix | Delete

options = name

[85] Fix | Delete

unless options.has_key?("name")

[86] Fix | Delete

raise ArgumentError, "`name' required"

[87] Fix | Delete

end

[88] Fix | Delete

[89] Fix | Delete

self.name = options["name"]

[90] Fix | Delete

value = Array(options["value"])

[91] Fix | Delete

# simple support for IE

[92] Fix | Delete

self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")

[93] Fix | Delete

self.domain = options["domain"]

[94] Fix | Delete

@expires = options["expires"]

[95] Fix | Delete

@secure = options["secure"] == true

[96] Fix | Delete

@httponly = options["httponly"] == true

[97] Fix | Delete

[98] Fix | Delete

super(value)

[99] Fix | Delete

end

[100] Fix | Delete

[101] Fix | Delete

# Name of this cookie, as a +String+

[102] Fix | Delete

attr_reader :name

[103] Fix | Delete

# Set name of this cookie

[104] Fix | Delete

def name=(str)

[105] Fix | Delete

if str and !TOKEN_RE.match?(str)

[106] Fix | Delete

raise ArgumentError, "invalid name: #{str.dump}"

[107] Fix | Delete

end

[108] Fix | Delete

@name = str

[109] Fix | Delete

end

[110] Fix | Delete

[111] Fix | Delete

# Path for which this cookie applies, as a +String+

[112] Fix | Delete

attr_reader :path

[113] Fix | Delete

# Set path for which this cookie applies

[114] Fix | Delete

def path=(str)

[115] Fix | Delete

if str and !PATH_VALUE_RE.match?(str)

[116] Fix | Delete

raise ArgumentError, "invalid path: #{str.dump}"

[117] Fix | Delete

end

[118] Fix | Delete

@path = str

[119] Fix | Delete

end

[120] Fix | Delete

[121] Fix | Delete

# Domain for which this cookie applies, as a +String+

[122] Fix | Delete

attr_reader :domain

[123] Fix | Delete

# Set domain for which this cookie applies

[124] Fix | Delete

def domain=(str)

[125] Fix | Delete

if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))

[126] Fix | Delete

raise ArgumentError, "invalid domain: #{str.dump}"

[127] Fix | Delete

end

[128] Fix | Delete

@domain = str

[129] Fix | Delete

end

[130] Fix | Delete

[131] Fix | Delete

# Time at which this cookie expires, as a +Time+

[132] Fix | Delete

attr_accessor :expires

[133] Fix | Delete

# True if this cookie is secure; false otherwise

[134] Fix | Delete

attr_reader :secure

[135] Fix | Delete

# True if this cookie is httponly; false otherwise

[136] Fix | Delete

attr_reader :httponly

[137] Fix | Delete

[138] Fix | Delete

# Returns the value or list of values for this cookie.

[139] Fix | Delete

def value

[140] Fix | Delete

self

[141] Fix | Delete

end

[142] Fix | Delete

[143] Fix | Delete

# Replaces the value of this cookie with a new value or list of values.

[144] Fix | Delete

def value=(val)

[145] Fix | Delete

replace(Array(val))

[146] Fix | Delete

end

[147] Fix | Delete

[148] Fix | Delete

# Set whether the Cookie is a secure cookie or not.

[149] Fix | Delete

#

[150] Fix | Delete

# +val+ must be a boolean.

[151] Fix | Delete

def secure=(val)

[152] Fix | Delete

@secure = val if val == true or val == false

[153] Fix | Delete

@secure

[154] Fix | Delete

end

[155] Fix | Delete

[156] Fix | Delete

# Set whether the Cookie is a httponly cookie or not.

[157] Fix | Delete

#

[158] Fix | Delete

# +val+ must be a boolean.

[159] Fix | Delete

def httponly=(val)

[160] Fix | Delete

@httponly = !!val

[161] Fix | Delete

end

[162] Fix | Delete

[163] Fix | Delete

# Convert the Cookie to its string representation.

[164] Fix | Delete

def to_s

[165] Fix | Delete

val = collect{|v| CGI.escape(v) }.join("&")

[166] Fix | Delete

buf = "#{@name}=#{val}".dup

[167] Fix | Delete

buf << "; domain=#{@domain}" if @domain

[168] Fix | Delete

buf << "; path=#{@path}" if @path

[169] Fix | Delete

buf << "; expires=#{CGI.rfc1123_date(@expires)}" if @expires

[170] Fix | Delete

buf << "; secure" if @secure

[171] Fix | Delete

buf << "; HttpOnly" if @httponly

[172] Fix | Delete

buf

[173] Fix | Delete

end

[174] Fix | Delete

[175] Fix | Delete

# Parse a raw cookie string into a hash of cookie-name=>Cookie

[176] Fix | Delete

# pairs.

[177] Fix | Delete

#

[178] Fix | Delete

# cookies = CGI::Cookie.parse("raw_cookie_string")

[179] Fix | Delete

# # { "name1" => cookie1, "name2" => cookie2, ... }

[180] Fix | Delete

#

[181] Fix | Delete

def self.parse(raw_cookie)

[182] Fix | Delete

cookies = Hash.new([])

[183] Fix | Delete

return cookies unless raw_cookie

[184] Fix | Delete

[185] Fix | Delete

raw_cookie.split(/;\s?/).each do |pairs|

[186] Fix | Delete

name, values = pairs.split('=',2)

[187] Fix | Delete

next unless name and values

[188] Fix | Delete

values ||= ""

[189] Fix | Delete

values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }

[190] Fix | Delete

if cookies.has_key?(name)

[191] Fix | Delete

values = cookies[name].value + values

[192] Fix | Delete

end

[193] Fix | Delete

cookies[name] = Cookie.new(name, *values)

[194] Fix | Delete

end

[195] Fix | Delete

[196] Fix | Delete

cookies

[197] Fix | Delete

end

[198] Fix | Delete

[199] Fix | Delete

# A summary of cookie string.

[200] Fix | Delete

def inspect

[201] Fix | Delete

"#<CGI::Cookie: #{self.to_s.inspect}>"

[202] Fix | Delete

end

[203] Fix | Delete

[204] Fix | Delete

end # class Cookie

[205] Fix | Delete

end

[206] Fix | Delete

[207] Fix | Delete

[208] Fix | Delete

[209] Fix | Delete