[wp-trac] [WordPress Trac] #2660: WordPress admin creates invalid (
netscape ) dbx-postmeta cookies on OSX + Safari, can cause apache segfault
WordPress Trac
wp-trac at lists.automattic.com
Thu Apr 13 23:06:55 GMT 2006
#2660: WordPress admin creates invalid ( netscape ) dbx-postmeta cookies on OSX +
Safari, can cause apache segfault
-----------------------+----------------------------------------------------
Id: 2660 | Status: new
Component: General | Modified: Thu Apr 13 23:06:55 2006
Severity: major | Milestone:
Priority: normal | Version: 2.1
Owner: anonymous | Reporter: jvanasco
-----------------------+----------------------------------------------------
I came across this issue a while back, i thought it would be resolved as
it was in the forums - but it wasn't, and theres no ticket either open or
closed addressing it, so here are my notes:
I wrote a web services module to incorporate the TrackBack protocol into
my mod_perl application
I started testing it using WordPress - the php blog software
It seems to have set a cookie (see details below) , that causes an
automatic error in libapreq (accessed via the perl bindings), which can
segfault apache ( libapreq isn't just used in perl, its the general Apache
API for parsing cookies )
The error in the logs is :"Expected token not present"
The issue seems to be definitively caused by an issue in the way that
wordpress encodes the cookie and safari sends it
http://wordpress.org/support/topic/52813
http://www.darcynorman.net/2005/12/21/upgrading-blog-to-wp-20-rc3
From the headers_in , it seems that WordPress includes raw-php code
(instead of executing it), and either wordpress or safari doesn't escape
the , in the cookies.
re netscape cookie draft:
( common standard - http://wp.netscape.com/newsref/std/cookie_spec.html )
"NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended, though
no encoding is defined or required.
This is the only required attribute on the Set-Cookie header."
The RFCs regarding cookies don't have the restriction , but do use , and ;
as a delimiter -- and most libraries code to the netscape standard.
The fix would be to just encode/escape the , on reading/writing cookies.
In production I see little opportunities this will affect me or any other
user -- its not often that people use multiple languages & projects on the
same domain.
the segfault, natually, occurs whether or not the code is wrapped in an
eval block. an eval block didn't seem to catch the other error either
(sorry, but i can't discern what it is)
I've enclosed a Data::Dumper representation of the the APR::Table
headers_in atfer the cookie info. I'll be happy to pull it into any other
format if needed
To recreate this, you can use:
* wordpress 2.0 -> 2.1
* mac osx 10.4.(5,6) + safari 2.0.3
* libapreq 2.07
* httpd 2.055
----
* Created
* 193189633
* Domain
* g5.local
* Expires
* 2007-02-14T23:47:13Z
* Name
* dbx-postmeta
* Path
* /
* Value
* grabit=0-,1-,2-,3-,4-,5-,6-&advancedstuff=0-,1+,2-
----
$headers_in = bless( {
'Accept' => '*/*',
'Accept-Language' => 'en',
'Accept-Encoding' => 'gzip, deflate',
'Cookie' => 'wordpressuser_c580712eb86cad2660b3601ac04202b2=admin;
wordpresspass_c580712eb86cad2660b3601ac04202b2=7ebeeed42ef50720940f5b8db2f9db49;
rs_session=59ae9b8b503e3af7d17b97e7f77f7ea5; dbx-
postmeta=grabit=0-,1-,2-,3-,4-,5-,6-&advancedstuff=0-,1+,2-',
'User-Agent' => 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8',
'Connection' => 'keep-alive',
'Host' => 'g5.local:8082'
}, 'APR::Table' );
--
Ticket URL: <http://trac.wordpress.org/ticket/2660>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list