* Default identity decoding for the session. * * By default, the name value pairs in the session are URLEncoded, separated * by equals, and then in turn separated by ampersand, in the format of an * html form. * * This was chosen to make it easy for external code to unpack a session, * should there be a need to do so. * * This function reverses that process, and populates the session tabl
| 389 | * @param z A pointer to where the session will be written. |
| 390 | */ |
| 391 | static apr_status_t session_identity_decode(request_rec * r, session_rec * z) |
| 392 | { |
| 393 | |
| 394 | char *last = NULL; |
| 395 | char *encoded, *pair; |
| 396 | const char *sep = "&"; |
| 397 | |
| 398 | /* sanity check - anything to decode? */ |
| 399 | if (!z->encoded) { |
| 400 | return OK; |
| 401 | } |
| 402 | |
| 403 | /* decode what we have */ |
| 404 | encoded = apr_pstrdup(r->pool, z->encoded); |
| 405 | pair = apr_strtok(encoded, sep, &last); |
| 406 | while (pair && pair[0]) { |
| 407 | char *plast = NULL; |
| 408 | const char *psep = "="; |
| 409 | char *key = apr_strtok(pair, psep, &plast); |
| 410 | if (key && *key) { |
| 411 | char *val = apr_strtok(NULL, sep, &plast); |
| 412 | if (!val || !*val) { |
| 413 | apr_table_unset(z->entries, key); |
| 414 | } |
| 415 | else if (!ap_unescape_urlencoded(key) && !ap_unescape_urlencoded(val)) { |
| 416 | if (!strcmp(SESSION_EXPIRY, key)) { |
| 417 | z->expiry = (apr_time_t) apr_atoi64(val); |
| 418 | } |
| 419 | else { |
| 420 | apr_table_set(z->entries, key, val); |
| 421 | } |
| 422 | } |
| 423 | } |
| 424 | pair = apr_strtok(NULL, sep, &last); |
| 425 | } |
| 426 | z->encoded = NULL; |
| 427 | return OK; |
| 428 | |
| 429 | } |
| 430 | |
| 431 | /** |
| 432 | * Ensure any changes to the session are committed. |
no test coverage detected