From 594612c5a2fb186fffa37dc6ae3704f28f6fcd61 Mon Sep 17 00:00:00 2001 From: Monroe Linden Date: Wed, 14 Apr 2010 17:01:53 -0700 Subject: Fix for incorrect handling of an OpenID url containing a port number The code was using the "authority" part of the URL returned by LLURL when constructing the cookie's domain, which incorrectly included the port number. This change makes sure any port number and username/password that might be in the authority are stripped from the string before handing it to the cookie code. Reviewed by Gino at http://codereview.lindenlab.com/1297006 --- indra/newview/llviewermedia.cpp | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/indra/newview/llviewermedia.cpp b/indra/newview/llviewermedia.cpp index dd4192f270..58138d9917 100644 --- a/indra/newview/llviewermedia.cpp +++ b/indra/newview/llviewermedia.cpp @@ -1286,7 +1286,30 @@ void LLViewerMedia::setOpenIDCookie() { if(!sOpenIDCookie.empty()) { - getCookieStore()->setCookiesFromHost(sOpenIDCookie, sOpenIDURL.mAuthority); + // The LLURL can give me the 'authority', which is of the form: [username[:password]@]hostname[:port] + // We want just the hostname for the cookie code, but LLURL doesn't seem to have a way to extract that. + // We therefore do it here. + std::string authority = sOpenIDURL.mAuthority; + std::string::size_type host_start = authority.find('@'); + if(host_start == std::string::npos) + { + // no username/password + host_start = 0; + } + else + { + // Hostname starts after the @. + // (If the hostname part is empty, this may put host_start at the end of the string. In that case, it will end up passing through an empty hostname, which is correct.) + ++host_start; + } + std::string::size_type host_end = authority.rfind(':'); + if((host_end == std::string::npos) || (host_end < host_start)) + { + // no port + host_end = authority.size(); + } + + getCookieStore()->setCookiesFromHost(sOpenIDCookie, authority.substr(host_start, host_end - host_start)); } } -- cgit v1.2.3