Author: kkolinko
Date: Thu Mar 4 20:47:41 2010
New Revision: 919169

URL: http://svn.apache.org/viewvc?rev=919169&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48322
Single quote in a cookie should not be treated as a separator (markt)

Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=919169&r1=919168&r2=919169&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Thu Mar 4 20:47:41 2010 @@ -67,12 +67,6 @@ kkolinko - Just a note: This issue won't affect configurations where Jasper runs with development=false. -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48322 - Single quote should be not be treated as a separator - http://svn.apache.org/viewvc?rev=830999&view=rev - +1: markt, kkolinko, rjung - -1: - * Provide new option to allow = in cookie values http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch +1: markt, kkolinko, rjung Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java?rev=919169&r1=919168&r2=919169&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java (original) +++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java Thu Mar 4 20:47:41 2010 
@@ -51,10 +51,10 @@ Excluding the '/' char violates the RFC, but it looks like a lot of people put '/' in unquoted values: '/': ; //47 - '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60 + '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60 '=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125 */ - public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')', ',', + public static final char SEPARATORS[] = { '\t', ' ', '\"', '(', ')', ',', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' }; protected static final boolean separators[] = new boolean[128]; Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=919169&r1=919168&r2=919169&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Thu Mar 4 20:47:41 2010 @@ -144,6 +144,10 @@ (kkolinko/markt) </fix> <fix> + <bug>48322</bug>: Single quote characters are not HTTP separators and + should not be treated as such in the cookie handling. (markt) + </fix> + <fix> <bug>48516</bug>: Prevent NPE in JNDIRealm if requested user does not exist. Patch provided by Kevin Conaway. (markt) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
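
Review bot: In the Cookies.java hunk, the contents of the public SEPARATORS array change but the commit carries no test; none of the three modified files is a test class. Add a unit test that feeds the cookie parser an unquoted value containing a single quote and asserts on the value it returns, so the new behaviour is pinned down and cannot regress silently. The block comment above the array also explains only why '/' is excluded; add a line saying that '\'' (39) is left out because it is not an HTTP separator, otherwise a later reader comparing the list against older code may put it back.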
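
Review bot: The new changelog.xml entry for 48322 states the rule ("Single quote characters are not HTTP separators") but not what an application will observe after upgrading. Since the Cookies.java change alters how a cookie containing a single quote is tokenised, the entry should say what now happens to such a cookie, so that people upgrading can tell whether code that reads cookie values is affected.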