https://bz.apache.org/bugzilla/show_bug.cgi?id=59450
Bug ID: 59450
Summary: allowHttpSepsInV0 attribute and
forwardSlashIsSeparator attribute don't handle
correctly
Product: Tomcat 9
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Created attachment 33833
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33833&action=edit
patch against trunk
When the value of cookie includes slash character ('/') and the cookie version
is 0, the org.apache.tomcat.util.http.LegacyCookieProcessor don't handle them
correctly.
If the allowHttpSepsInV0 attribute set to false and the forwardSlashIsSeparator
attribute set to true, the cookie value should be quoted.
However, it is not quoted.
If the allowHttpSepsInV0 attribute is false and the forwardSlashIsSeparator
attribute is true, allowedWithoutQuotes.clear('/') should be called.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
