Author: markt
Date: Mon Jun  6 14:17:58 2016
New Revision: 1747015

URL: http://svn.apache.org/viewvc?rev=1747015&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59655
Configure the cookie name validation to use RFC6265 rules by default to align 
it with the default cookie parser. Document the impact system properties have 
on cookie name validation.

Modified:
    tomcat/tc8.5.x/trunk/   (props changed)
    tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
    tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml

Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun  6 14:17:58 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 
,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014

Modified: tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java Mon Jun  6 
14:17:58 2016
@@ -49,7 +49,7 @@ import java.util.ResourceBundle;
  * support the cache control defined with HTTP 1.1.
  * <p>
  * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC
- * 2109) cookie specifications. By default, cookies are created using Version 0
+ * 2109) cookie specifications. By default, cookies are created using RFC6265
  * to ensure the best interoperability.
  */
 public class Cookie implements Cloneable, Serializable {
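Review bot: The rewritten Javadoc sentence is now inconsistent with the one before it: the text still says the class supports the Version 0 and Version 1 specifications, then names RFC6265 as the default, which is neither of the two. Per the log message, what changes is the cookie name validation, not how cookies are "created", so I would word the line as ` * 2109) cookie specifications. By default, cookie names are validated using the RFC6265 rules`. The Javadoc block starts above the hunk, so other sentences there may need the same adjustment.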
@@ -68,7 +68,7 @@ public class Cookie implements Cloneable
             validation = new RFC2109Validator();
         }
         else {
-            validation = new NetscapeValidator();
+            validation = new RFC6265Validator();
         }
     }
 
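Review bot: Switching the fallback in the `else` branch from `NetscapeValidator` to `RFC6265Validator` changes which names the `Cookie` constructor accepts for every deployment that sets neither strict property, and nothing at this spot records why. If the RFC6265 rules reject separator characters that the Netscape rules allowed (neither validator is visible in this hunk), code that worked before may now get an exception when it creates a cookie, so the changelog entry should name that compatibility impact. I would also add a comment above the assignment, `// Must match the name rules of the default cookie parser (RFC 6265); see bug 59655`, so the validator and parser defaults do not drift apart again. The enclosing block starts above the hunk; it appears to run once when the class is loaded, which would mean the system properties must be set before `Cookie` is first used, and that is worth stating in systemprops.xml if confirmed.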

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Jun  6 14:17:58 2016
@@ -79,6 +79,11 @@
       <fix>
         Fix error message when failed to register MBean. (kfujino)
       </fix>
+      <fix>
+        <bug>59655</bug>: Configure the cookie name validation to use RFC6265 
rules by default to
+        align it with the default cookie parser. Document the impact system 
properties have on
+        cookie name validation. (mark)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

Modified: tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml Mon Jun  6 
14:17:58 2016
@@ -280,6 +280,7 @@
       
<li><code>org.apache.catalina.core.<br/>StandardHostValve.ACCESS_SESSION</code></li>
       
<li><code>org.apache.catalina.session.<br/>StandardSession.ACTIVITY_CHECK</code></li>
       
<li><code>org.apache.catalina.session.<br/>StandardSession.LAST_ACCESS_AT_START</code></li>
+      
<li><code>org.apache.tomcat.util.http.<br/>ServerCookie.STRICT_NAMING</code></li>
       <li>The <code>URIEncoding</code> attribute of any
           <a href="http.html">HTTP connector</a> or
           <a href="ajp.html">AJP connector</a> element.</li>
@@ -335,7 +336,16 @@
         
<li><code>org.apache.tomcat.websocket.server#isEnforceNoAddAfterHandshake</code>
         (default changes from <code>false</code> to <code>true</code>)</li>
       </ul>
+    </property>
 
+    <property name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
+      <p> If this is true then the requirements of the Servlet specification
+      that Cookie names must adhere to RFC2109 (no use of separators) will be
+      enforced. If this is false the the naming rules specified in RFC6265 will
+      be used.</p>
+      <p>If <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set 
to
+      <code>true</code>, the default of this setting will be <code>true</code>,
+      else the default value will be <code>false</code>.</p>
     </property>
 
   </properties>


