Author: kkolinko
Date: Thu Mar 4 20:47:41 2010
New Revision: 919169
URL: http://svn.apache.org/viewvc?rev=919169&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48322
Single quote in a cookie should not be treated as a separator
(markt)
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=919169&r1=919168&r2=919169&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Thu Mar 4 20:47:41 2010
@@ -67,12 +67,6 @@
kkolinko - Just a note: This issue won't affect configurations where
Jasper
runs with development=false.
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48322
- Single quote should be not be treated as a separator
- http://svn.apache.org/viewvc?rev=830999&view=rev
- +1: markt, kkolinko, rjung
- -1:
-
* Provide new option to allow = in cookie values
http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch
+1: markt, kkolinko, rjung
Modified:
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java?rev=919169&r1=919168&r2=919169&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
Thu Mar 4 20:47:41 2010
@@ -51,10 +51,10 @@
Excluding the '/' char violates the RFC, but
it looks like a lot of people put '/'
in unquoted values: '/': ; //47
- '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
+ '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
'=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125
*/
- public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')',
',',
+ public static final char SEPARATORS[] = { '\t', ' ', '\"', '(', ')', ',',
':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
protected static final boolean separators[] = new boolean[128];
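Review bot: The `SEPARATORS` array edited here is declared `public static final char[]`, so its elements remain writable by any caller even though the reference is final; since this table defines which characters the cookie code treats as separators, consider making the array private and exposing a copy or a lookup method instead. The list of modified files also contains no test, so a case covering a cookie value that contains a single quote would pin the new behaviour and guard against the character being added back.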
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=919169&r1=919168&r2=919169&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Thu Mar 4
20:47:41 2010
@@ -144,6 +144,10 @@
(kkolinko/markt)
</fix>
<fix>
+ <bug>48322</bug>: Single quote characters are not HTTP separators and
+ should not be treated as such in the cookie handling. (markt)
+ </fix>
+ <fix>
<bug>48516</bug>: Prevent NPE in JNDIRealm if requested user does not
exist. Patch provided by Kevin Conaway. (markt)
</fix>
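Review bot: The new `<fix>` entry for 48322 states the rule but not what changes for a deployment; add a clause saying how a cookie value containing a single quote is handled after this fix, so that operators reading the changelog can judge the upgrade impact on applications that set or read such cookies.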