https://issues.apache.org/bugzilla/show_bug.cgi?id=51260
Bug #: 51260
Summary: ALLOW_HTTP_SEPARATORS_IN_V0 not 100% reliable
Product: Tomcat 7
Version: 7.0.14
Platform: PC
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: dchecko...@gmail.com
Classification: Unclassified
Because of a logical condition ordering issue in ServerCookie.java, setting
ALLOW_HTTP_SEPARATORS_IN_V0=true does not work 100% of the time.
Here's a patch:
Index: java/org/apache/tomcat/util/http/ServerCookie.java
===================================================================
--- java/org/apache/tomcat/util/http/ServerCookie.java (revision 1127279)
+++ java/org/apache/tomcat/util/http/ServerCookie.java (working copy)
@@ -289,10 +289,8 @@
buf.append('"');
buf.append(escapeDoubleQuotes(value,1,value.length()-1));
buf.append('"');
- } else if (CookieSupport.isHttpToken(value) &&
- !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
- CookieSupport.isV0Token(value) &&
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
+ } else if ((!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
CookieSupport.isHttpToken(value)) ||
+ (CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
CookieSupport.isV0Token(value))) {
buf.append('"');
buf.append(escapeDoubleQuotes(value,0,value.length()));
buf.append('"');
(added some parentheses in there as per tongue-in-cheek discussion on tomcat
users list)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
