[ruby/cgi] Relax domain label restrictions

nobu · matzbot · commit 58682b6980e9 · 2022-11-22T02:12:50.000Z
ruby/cgi@b46d41c363
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
@@ -42,7 +42,7 @@ class Cookie < Array
 
     TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
     PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
-    DOMAIN_VALUE_RE = %r"\A(?<label>[A-Za-z][-A-Za-z0-9]*[A-Za-z0-9])(?:\.\g<label>)*\z"
+    DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
 
     # Create a new CGI::Cookie object.
     #
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
@@ -60,6 +60,24 @@ def test_cgi_cookie_new_complex
   end
 
 
+  def test_cgi_cookie_new_with_domain
+    h = {'name'=>'name1', 'value'=>'value1'}
+    cookie = CGI::Cookie.new('domain'=>'a.example.com', **h)
+    assert_equal('a.example.com', cookie.domain)
+
+    cookie = CGI::Cookie.new('domain'=>'1.example.com', **h)
+    assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
+
+    assert_raise(ArgumentError) {
+      CGI::Cookie.new('domain'=>'-a.example.com', **h)
+    }
+
+    assert_raise(ArgumentError) {
+      CGI::Cookie.new('domain'=>'a-.example.com', **h)
+    }
+  end
+
+
   def test_cgi_cookie_scriptname
     cookie = CGI::Cookie.new('name1', 'value1')
     assert_equal('', cookie.path)

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ class Cookie < Array`
`42`	`42`
`43`	`43`	`TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"`
`44`	`44`	`PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"`
`45`		`- DOMAIN_VALUE_RE = %r"\A(?<label>[A-Za-z][-A-Za-z0-9][A-Za-z0-9])(?:\.\g<label>)\z"`
	`45`	`+ DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"`
`46`	`46`
`47`	`47`	`# Create a new CGI::Cookie object.`
`48`	`48`	`#`