From 841abb8da1abce31690abe6a66b4a5b1295dac1d Mon Sep 17 00:00:00 2001
From: Cailin Smith
Date: Thu, 24 Oct 2013 17:06:26 -0500
Subject: [PATCH] Fixed a few obscure bugs with cookies in http_request.
---
 .../laytonsmith/PureUtilities/Web/Cookie.java | 24 +++++++------------
 .../PureUtilities/Web/CookieJar.java | 8 ++-----
 .../com/laytonsmith/core/functions/Web.java | 21 +++++++---------
 src/main/resources/functionDocs/http_request | 6 +++--
 4 files changed, 24 insertions(+), 35 deletions(-)
diff --git a/src/main/java/com/laytonsmith/PureUtilities/Web/Cookie.java b/src/main/java/com/laytonsmith/PureUtilities/Web/Cookie.java
index eea88a760..bd93229c0 100644
--- a/src/main/java/com/laytonsmith/PureUtilities/Web/Cookie.java
+++ b/src/main/java/com/laytonsmith/PureUtilities/Web/Cookie.java
@@ -77,14 +77,15 @@ public Cookie(String unparsedValue, URL currentURL) {
 }
 /**
- * Creates a cookie with only the required parameters set.
+ * Creates a cookie with only the required parameters set. That is, it creates
+ * a session cookie with httpOnly and secure set to false.
 * @param domain The domain under which this cookie applies
 * @param name The name of this cookie
 * @param value The value of this cookie
 * @param path The path under which this cookie applies in the domain
 */
 public Cookie(String name, String value, String domain, String path){
- this(name, value, domain, path, 0, null);
+ this(name, value, domain, path, 0, false, false);
 }
 /**
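Review bot: The Javadoc on the four-argument constructor in Cookie.java lists `@param domain` first, but the signature is `(String name, String value, String domain, String path)`. All four parameters are Strings, so a caller who follows the documented order passes the domain as the cookie name and the compiler cannot catch it, which leaves the cookie scoped to the wrong host. Reorder the tags to `@param name`, `@param value`, `@param domain`, `@param path` so they match the signature.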
@@ -94,27 +95,20 @@ public Cookie(String name, String value, String domain, String path){
 * @param value The value of this cookie
 * @param path The path under which this cookie applies in the domain
 * @param expiration Sets the expiration date of the cookie. 0 indicates a session cookie.
- * @param httpOnly Sets whether or not this cookie should be usable in http or https. Null
- * means either. true means http only, and false means https only.
+ * @param httpOnly Sets whether or not this cookie is httpOnly. Generally, this is an unused field
+ * @param secureOnly Sets whether or not this cookie should only be send via https.
 */
- public Cookie(String name, String value, String domain, String path, long expiration, Boolean httpOnly) {
+ public Cookie(String name, String value, String domain, String path, long expiration, boolean httpOnly, boolean secureOnly) {
 this.name = name;
 this.value = value;
 this.domain = domain;
 this.path = path;
 this.expiration = expiration;
- if (httpOnly == null) {
- this.httpOnly = false;
- this.secureOnly = false;
- } else if (httpOnly) {
- this.httpOnly = true;
- this.secureOnly = false;
- } else {
- this.httpOnly = false;
- this.secureOnly = true;
- }
+ this.httpOnly = httpOnly;
+ this.secureOnly = secureOnly;
 }
+ @Override
 public int compareTo(Cookie o) {
 return (this.domain + this.name + this.path).compareTo(o.domain + o.name + o.path);
 }
diff --git a/src/main/java/com/laytonsmith/PureUtilities/Web/CookieJar.java b/src/main/java/com/laytonsmith/PureUtilities/Web/CookieJar.java
index 945ff9e89..364580f88 100644
--- a/src/main/java/com/laytonsmith/PureUtilities/Web/CookieJar.java
+++ b/src/main/java/com/laytonsmith/PureUtilities/Web/CookieJar.java
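Review bot: The new `@param httpOnly` text on the seven-argument constructor in Cookie.java ("Generally, this is an unused field") does not say what the flag means or what ignoring it implies, and `@param secureOnly` has a typo ("send"). HttpOnly marks a cookie as hidden from client-side script; after this commit the flag is stored, but with the protocol check removed from CookieJar.getCookies it no longer affects which requests carry the cookie. Suggested wording: `@param httpOnly Whether the server marked this cookie HttpOnly. Stored and reported, but not used when selecting cookies for a request.` and `@param secureOnly Whether this cookie may only be sent over https.`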
@@ -73,10 +73,6 @@ public String getCookies(URL url) {
 i--;
 continue;
 }
- //If it's http only, and we aren't in http, continue.
- if (cookie.isHttpOnly() && !url.getProtocol().equals("http")) {
- continue;
- }
 //Or it's secure only, and we aren't in https, continue.
 if (cookie.isSecureOnly() && !url.getProtocol().equals("https")) {
 continue;
@@ -90,7 +86,7 @@ public String getCookies(URL url) {
 continue;
 }
 //Or if we aren't in the right path
- String path = "/" + url.getPath();
+ String path = (url.getPath().startsWith("/")?"":"/") + url.getPath();
 if (!path.startsWith(cookie.getPath())) {
 continue;
 }
@@ -106,7 +102,7 @@ public String getCookies(URL url) {
 b.append("; ");
 }
 try {
- b.append(URLEncoder.encode(cookie.getName(), "UTF-8")).append("=").append(URLEncoder.encode(cookie.getValue(), "UTF-8"));
+ b.append(URLEncoder.encode(cookie.getName(), "UTF-8")).append("=").append(cookie.getValue());
 } catch (UnsupportedEncodingException ex) {
 Logger.getLogger(WebUtility.class.getName()).log(Level.SEVERE, null, ex);
 }
diff --git a/src/main/java/com/laytonsmith/core/functions/Web.java b/src/main/java/com/laytonsmith/core/functions/Web.java
index db8edfdf7..78939cfd9 100644
--- a/src/main/java/com/laytonsmith/core/functions/Web.java
+++ b/src/main/java/com/laytonsmith/core/functions/Web.java
@@ -88,11 +88,8 @@ private static void getCookieJar(CArray arrayJar, CookieJar cookieJar, Target t)
 c.set("domain", cookie.getDomain());
 c.set("path", cookie.getPath());
 c.set("expiration", new CInt(cookie.getExpiration(), t), t);
- if(!cookie.isHttpOnly() && !cookie.isSecureOnly()){
- c.set("httpOnly", new CNull(t), t);
- } else {
- c.set("httpOnly", new CBoolean(cookie.isHttpOnly(), t), t);
- }
+ c.set("httpOnly", new CBoolean(cookie.isHttpOnly(), t), t);
+ c.set("secureOnly", new CBoolean(cookie.isSecureOnly(), t), t);
 if(!update){
 ret.push(c);
 }
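Review bot: In CookieJar.getCookies (hunk at -90,7) the path test `path.startsWith(cookie.getPath())` is a plain string prefix, so a cookie scoped to `/app` is also sent with requests for `/application`. RFC 6265 path-matching requires the prefix to end at a `/` boundary. The rewritten `path` line fixes the doubled slash but leaves this test unchanged; consider `String cp = cookie.getPath();` followed by `if (!(path.equals(cp) || (path.startsWith(cp) && (cp.endsWith("/") || path.charAt(cp.length()) == '/')))) {`. The body of getCookies continues outside the hunk, so a null cookie path may already be handled elsewhere.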
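Review bot: `cookie.getValue()` is now appended to the Cookie header verbatim in CookieJar.getCookies (hunk at -106,7), so a value containing `;`, CR or LF alters the header's structure instead of staying inside one cookie. Values presumably reach the jar from response headers and, through Web.getCookieJar, from script-supplied arrays, so neither source should be treated as trusted. Dropping the URL-encoding is reasonable for round-tripping, but the value should then be validated: skip the cookie, before the `"; "` separator is appended, when `v.indexOf(';') >= 0 || v.indexOf('\r') >= 0 || v.indexOf('\n') >= 0`. Whether the HTTP layer further down rejects line breaks is not visible here. The name is still URL-encoded while the value is not, so a short comment explaining the asymmetry would help the next reader.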
@@ -108,7 +105,8 @@ private static CookieJar getCookieJar(CArray cookieJar, Target t){
 String domain;
 String path;
 long expiration = 0;
- Boolean httpOnly = null;
+ boolean httpOnly = false;
+ boolean secureOnly = false;
 if(cookie.containsKey("name") && cookie.containsKey("value") && cookie.containsKey("domain") && cookie.containsKey("path")){
 name = cookie.get("name").val();
@@ -123,13 +121,12 @@ private static CookieJar getCookieJar(CArray cookieJar, Target t){
 expiration = Static.getInt(cookie.get("expiration"), t);
 }
 if(cookie.containsKey("httpOnly")){
- if(cookie.get("expiration") instanceof CNull){
- httpOnly = null;
- } else {
- httpOnly = Static.getBoolean(cookie.get("expiration"));
- }
+ httpOnly = Static.getBoolean(cookie.get("httpOnly"));
+ }
+ if(cookie.containsKey("secureOnly")){
+ secureOnly = Static.getBoolean(cookie.get("secureOnly"));
 }
- Cookie c = new Cookie(name, value, domain, path, expiration, httpOnly);
+ Cookie c = new Cookie(name, value, domain, path, expiration, httpOnly, secureOnly);
 ret.addCookie(c);
 }
 return ret;
diff --git a/src/main/resources/functionDocs/http_request b/src/main/resources/functionDocs/http_request
index c7bd6eb6f..ed3a3c31e 100644
--- a/src/main/resources/functionDocs/http_request
+++ b/src/main/resources/functionDocs/http_request
@@ -119,14 +119,16 @@ of web requests that can be running concurrently. | true | Automatically adds the default headers to this request, unless specifically overridden. Note that some headers simply cannot be overridden, for instance Host and User-Agent will ALWAYS be set.
-|- download
+|-
+| download
 | string | null | If this is not null, the file will be downloaded instead of returned, and saved to the specified location on disk. Note that this is currently only enabled from cmdline mode, but will be added in general at a later date. If this setting is set from non-cdmline mode, it is silently ignored. |} -
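Review bot: Cookie arrays written by the previous version lose their https-only restriction when read by the new `getCookieJar(CArray, Target)` in Web.java (hunk at -123,13). The old export wrote a secure cookie as `httpOnly: false` with no `secureOnly` key, and the old constructor mapped `false` to `secureOnly = true`; the new code reads that same array as `httpOnly = false` and leaves `secureOnly` at its default `false`, so the cookie becomes eligible for plain-http requests. If scripts persist these arrays across upgrades (not visible here), this deserves a line in the http_request docs, or a comment above the `secureOnly` read such as `// Arrays from before secureOnly existed encoded https-only as httpOnly=false; they load as non-secure.` How `Static.getBoolean` treats the `null` that the old export wrote for `httpOnly` is also not visible in this hunk.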