Author: markt
Date: Thu Oct 29 15:27:58 2009
New Revision: 830999
URL: http://svn.apache.org/viewvc?rev=830999&view=rev
Log:
The single quote character ' is not a separator so it is allowed in unquoted
values.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=830999&r1=830998&r2=830999&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java Thu Oct 29
15:27:58 2009
@@ -51,10 +51,10 @@
Excluding the '/' char violates the RFC, but
it looks like a lot of people put '/'
in unquoted values: '/': ; //47
- '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
+ '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
'=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125
*/
- public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')',
',',
+ public static final char SEPARATORS[] = { '\t', ' ', '\"', '(', ')', ',',
':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
protected static final boolean separators[] = new boolean[128];
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=830999&r1=830998&r2=830999&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Thu Oct 29
15:27:58 2009
@@ -74,19 +74,19 @@
test("$Version=1;foo=\"b\"ar\";$Domain=apache.org;$Port=8080;a=b",
"foo", "b", "a", "b"); // Incorrectly escaped.
test("$Version=1;foo=\"b\\\"ar\";$Domain=apache.org;$Port=8080;a=b",
"foo", "b\"ar", "a", "b"); // correctly escaped.
test("$Version=1;foo=\"b'ar\";$Domain=apache.org;$Port=8080;a=b",
"foo", "b'ar", "a", "b");
- // JFC: sure it is "b" and not b'ar ?
- test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo",
"b", "a", "b");
+ // ba'r is OK - ' is not a separator
+ test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo",
"b'ar", "a", "b");
// Ends in quoted value
test("foo=bar;a=\"b\"", "foo", "bar", "a", "b");
test("foo=bar;a=\"b\";", "foo", "bar", "a", "b");
// Last character is an escape character
-
test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo",
"b");
- test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\",
"foo", "b");
+
test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo",
"b'ar");
+ test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\",
"foo", "b'ar");
- // Bad... a token cannot be quoted with ' chars
- test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"");
+ // A token cannot be quoted with ' chars - they should be treated as
part of the value
+ test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"",
"foo", "'bar'");
// wrong, path should not have '/' JVK
test("$Version=1;foo=\"bar\";$Path=/examples;a=b; ; ", "foo", "bar",
"a", "b");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
