diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-09-27 09:41:43 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-09-28 18:10:43 +0200 |
| commit | d0a7ee3f613b0c3f2370c6cc81e5aafef67120f0 (patch) | |
| tree | 84313021ed566a898a897112ddc7982e2e89a00d /lib/http.c | |
| parent | ed735091574122fd5b2f5bac1edc56d5f03aa969 (diff) | |
| download | curl-d0a7ee3f613b0c3f2370c6cc81e5aafef67120f0.tar.gz | |
cookies: using a share with cookies shouldn't enable the cookie engine
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.
This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.
Test 1166 verifies
Updated test 506
Fixes #4429
Closes #4434
Diffstat (limited to 'lib/http.c')
| -rw-r--r-- | lib/http.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/http.c b/lib/http.c index 9719b28ef..4631a7f36 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2676,7 +2676,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) struct Cookie *co = NULL; /* no cookies from start */ int count = 0; - if(data->cookies) { + if(data->cookies && data->state.cookie_engine) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); co = Curl_cookie_getlist(data->cookies, conn->allocptr.cookiehost? @@ -4013,7 +4013,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, data->state.resume_from = 0; /* get everything */ } #if !defined(CURL_DISABLE_COOKIES) - else if(data->cookies && + else if(data->cookies && data->state.cookie_engine && checkprefix("Set-Cookie:", k->p)) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); |