diff --git a/nselib/http.lua b/nselib/http.lua
index a2c13e637..e6ad05a24 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -112,6 +112,7 @@ local coroutine = require "coroutine"
 local nmap = require "nmap"
 local os = require "os"
 local sasl = require "sasl"
+local slaxml = require "slaxml"
 local stdnse = require "stdnse"
 local string = require "string"
 local table = require "table"
@@ -305,7 +306,12 @@ local function validate_options(options)
 stdnse.debug1("http: options.cookies[i].expires should be a string")
 bad = true
 end
- else
+ elseif(cookie_key == 'max-age') then
+ if(type(cookie_value) ~= 'string') then
+ stdnse.debug1("http: options.cookies[i].max-age should be a string")
+ bad = true
+ end
+ elseif not (cookie_key == 'httponly' or cookie_key == 'secure') then
 stdnse.debug1("http: Unknown field in cookie table: %s", cookie_key)
 bad = true
 end
@@ -871,8 +877,8 @@ end
 -- @param path If the argument exists, only cookies with this path are included to the request
 -- @return A string to be added to the mod_options table
 local function buildCookies(cookies, path)
- local cookie = ""
 if type(cookies) == 'string' then return cookies end
+ local cookie = {}
 for _, ck in ipairs(cookies or {}) do
 local ckpath = ck["path"]
 if not path or not ckpath
@@ -880,10 +886,10 @@ local function buildCookies(cookies, path)
 or ckpath:sub(-1) == "/" and ckpath == path:sub(1, ckpath:len())
 or ckpath .. "/" == path:sub(1, ckpath:len()+1)
 then
- cookie = cookie .. ck["name"] .. "=" .. ck["value"] .. "; "
+ cookie[#cookie+1] = ck["name"] .. "=" .. ck["value"]
 end
 end
- return cookie:gsub("; $","")
+ return table.concat(cookie, "; ")
 end
 
 -- HTTP cache.
@@ -2073,7 +2079,7 @@ local function get_attr (html, name)
 if not value then
 value = html:match('^[^%s<>=\'"`]+', pos)
 end
- return value
+ return slaxml.parser.unescape(value)
 end
 ---
 -- Parses a form, that is, finds its action and fields.
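Review bot: In validate_options, the new `elseif not (cookie_key == 'httponly' or cookie_key == 'secure')` branch accepts those two keys with any value at all, while every other recognised key visible in this hunk is type-checked, so a malformed entry passes validation silently. The `max-age` branch also only checks for a string and would accept a non-numeric one; if later code does arithmetic on it, tightening the test to `if type(cookie_value) ~= 'string' or not cookie_value:match('^%-?%d+$') then` would reject it here. The function starts and ends outside the hunk, so whether these fields are re-validated elsewhere cannot be seen from these lines.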
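Review bot: In buildCookies (hunk at -880), the new `cookie[#cookie+1] = ck["name"] .. "=" .. ck["value"]` still raises a concatenation error when either field is nil, and it copies both fields into the returned string without rejecting CR, LF or `;`. Cookie tables are presumably filled from responses of the host being scanned and the result presumably ends up in a request header, so the data should be treated as untrusted unless validate_options (only partly visible here) guarantees clean strings. A guard around the append such as `if type(ck["name"]) == 'string' and type(ck["value"]) == 'string' and not ck["value"]:find('[%c;]') then` would skip malformed entries instead of aborting the request. The preceding hunk at -871 belongs to the same function and only moves the `local cookie` declaration.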
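Review bot: In get_attr, `return slaxml.parser.unescape(value)` is now reached even when `value` is nil, which the fallback `html:match(...)` three lines above can leave it as; the old `return value` passed nil through, whereas unescape presumably treats its argument as a string and would raise. `return value and slaxml.parser.unescape(value)` keeps the previous nil contract. Because the result can now contain a decoded `<`, `"` or `&` taken from an untrusted page, the function's doc comment should state that the value is entity-decoded, so callers escape it again before writing it into script output or rebuilt markup. get_attr begins outside the hunk.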