From 493ad523500fa700f1c3bc8b912b9342f8ce0356 Mon Sep 17 00:00:00 2001
From: kush789 <address@hidden>
Date: Sun, 24 Jan 2016 15:01:02 +0530
Subject: [PATCH 3/4] Added recomendation 2

---
 src/cookies.c | 56 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 33 insertions(+), 23 deletions(-)

diff --git a/src/cookies.c b/src/cookies.c
index ea1a8df..190236e 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -713,39 +713,26 @@ check_path_match (const char *cookie_path, const char *path)
   s = PS_newstr;                                                \
 } while (0)
 
-static int
-check_cookie_matching_name_domain (struct cookie_jar *jar,
-                                  struct cookie *cookie)
-{
-  struct cookie *chain, *prev;
-
-  chain = hash_table_get (jar->chains, cookie->domain);
-  
-  if (!chain)
-    return 0;
-
-  prev = NULL;
-  for (; chain; prev = chain, chain = chain->next)
-    if (0 == strcmp (cookie->attr, chain->attr)
-        && 1 == chain->secure)
-      {
-        return 1;
-      }
-
-  return 0;
-}
-
 /* Process the HTTP `Set-Cookie' header.  This results in storing the
    cookie or discarding a matching one, or ignoring it completely, all
    depending on the contents.  */
 
+static int
+find_chains_of_host (struct cookie_jar *jar, const char *host,
+                     struct cookie *dest[]);
+
+static int
+count_char (const char *string, char chr);
+
 void
 cookie_handle_set_cookie (struct cookie_jar *jar,
                           const char *host, int port,
                           const char *path, enum url_scheme scheme,
                           const char *set_cookie)
 {
-  struct cookie *cookie;
+  struct cookie *cookie, *old_cookie;
+  struct cookie **chains;
+  int chain_count, i;
   cookies_now = time (NULL);
 
   /* Wget's paths don't begin with '/' (blame rfc1808), but cookie
@@ -803,6 +790,29 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
         }
     }
 
+  if ((cookie->secure == 0) && (scheme != SCHEME_HTTPS))
+    {
+      /* If an old cookie exists such that the all of the following are
+         true, then discard the new cookie.
+
+         - The "domain" domain-matches the domain of the new cookie  
+         - The "name" matches the "name" of the new cookie
+         - Secure-only flag of old cookie is set */
+      
+      chains = alloca_array (struct cookie *, 1 + count_char (host, '.'));
+      chain_count = find_chains_of_host (jar, host, chains);
+
+      for (i = 0; i < chain_count; i++)
+        for (old_cookie = chains[i]; old_cookie; old_cookie = old_cookie->next)
+          {
+            if (!cookie_expired_p(old_cookie)
+                && !(old_cookie->domain_exact 
+                     && 0 != strcasecmp (host, old_cookie->domain))
+                && 0 == strcasecmp(old_cookie->attr, cookie->attr)
+                && 1 == old_cookie->secure)
+              goto out;
+          }
+    }
   /* Now store the cookie, or discard an existing cookie, if
      discarding was requested.  */
 
-- 
1.9.1