Author: jboynes Date: Tue Dec 24 15:36:25 2013 New Revision: 1553290 URL: http://svn.apache.org/r1553290 Log: revert 1553187
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=1553290&r1=1553289&r2=1553290&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java Tue Dec 24 15:36:25 2013
@@ -508,7 +508,14 @@ public final class Cookies {
 private static final int getTokenEndPosition(byte bytes[], int off, int end, int version, boolean isName){
 int pos = off;
- while (pos < end && allowInToken(bytes[pos], version, isName)) {
+ while (pos < end &&
+ (!CookieSupport.isHttpSeparator((char)bytes[pos]) ||
+ version == 0 &&
+ CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
+ bytes[pos] != '=' &&
+ !CookieSupport.isV0Separator((char)bytes[pos]) ||
+ !isName && bytes[pos] == '=' &&
+ CookieSupport.ALLOW_EQUALS_IN_VALUE)) {
 pos++;
 }
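Review bot: The restored loop condition in getTokenEndPosition casts the signed `bytes[pos]` straight to `char`, so an octet in 0x80-0xFF reaches `CookieSupport.isHttpSeparator` and `CookieSupport.isV0Separator` sign-extended to 0xFF80-0xFFFF instead of as its unsigned value; how those helpers treat such input is not visible here. With `allowInToken` removed, this function no longer rejects control or 8-bit octets itself, and the TestCookies cases that pinned that behaviour are deleted in the same commit, so the handling of such bytes in a client-supplied Cookie header rests entirely on those helpers and is untested. I would mask once per iteration, `char c = (char) (bytes[pos] & 0xff);`, use `c` in both helper calls, and add a comment above the loop such as `// control characters are rejected by <component to be named>, not here`. The mixed `&&`/`||` chain also relies on operator precedence alone; parentheses around each of the three alternatives would make the allowed cases readable. The function's closing `return pos; }` lies outside this hunk.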
@@ -518,34 +525,6 @@ public final class Cookies {
 return pos;
 }
- private static boolean allowInToken(byte b, int version, boolean isName) {
- // byte is signed so cast into a positive int for comparisons
- int octet = ((int)b) & 0xff;
-
- // disallow all controls
- if (octet < 0x20 && octet != 0x09 || octet >= 0x7f && octet < 0xa0) {
- throw new IllegalArgumentException(
- "Control character in cookie value or attribute.");
- }
-
- // values 0xa0-0xff are allowed in V0 values, otherwise disallow
- if (octet >= 0x80) {
- if (isName || version != 0) {
- throw new IllegalArgumentException(
- "Control character in cookie value or attribute.");
- }
- return true;
- }
-
- return !CookieSupport.isHttpSeparator((char) b) ||
- version == 0 &&
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- b != '=' &&
- !CookieSupport.isV0Separator((char) b) ||
- !isName && b == '=' &&
- CookieSupport.ALLOW_EQUALS_IN_VALUE;
- }
-
 /**
 * Given a starting position after an initial quote character, this gets
 * the position of the end quote. This escapes anything after a '\' char
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1553290&r1=1553289&r2=1553290&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Dec 24 15:36:25 2013
@@ -17,113 +17,9 @@
 package org.apache.tomcat.util.http;
-import java.nio.charset.StandardCharsets;
-
-import javax.servlet.http.Cookie;
-
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 public class TestCookies {
- private Cookies cookies;
-
- @Before
- public void init() {
- this.cookies = new Cookies(null);
- }
-
- @Test
- public void skipJsonInV0Value() {
- process("bad={\"v\":1,\"x\":2}; a=b");
- expect(makeCookie("a", "b", 0));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallow8bitInName() {
- process("f\u00f6o=bar");
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallowControlInName() {
- process("f\010o=bar");
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallow8BitControlInName() {
- process("f\210o=bar");
- }
-
- @Test
- public void allow8BitInV0Value() {
- process("foo=b\u00e1r");
- expect(makeCookie("foo", "b\u00e1r", 0));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallow8bitInV1UnquotedValue() {
- process("$Version=1; foo=b\u00e1r");
- }
-
- @Test
- public void allow8bitInV1QuotedValue() {
- process("$Version=1; foo=\"b\u00e1r\"");
- expect(makeCookie("foo", "b\u00e1r", 1));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallowControlInV0Value() {
- process("foo=b\010r");
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallow8BitControlInV0Value() {
- process("foo=b\210r");
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallowControlInV1UnquotedValue() {
- process("$Version=1; foo=b\010r");
- }
-
- @Ignore
- @Test(expected = IllegalArgumentException.class)
- public void disallowControlInV1QuotedValue() {
- process("$Version=1; foo=\"b\010r\"");
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void disallow8BitControlInV1UnquotedValue() {
- process("$Version=1; foo=b\210r");
- }
-
- @Ignore
- @Test
- public void allow8BitControlInV1QuotedValue() {
- process("$Version=1; foo=\"b\210r\"");
- expect(makeCookie("foo", "b\210r", 1));
- }
-
- private void process(String header) {
- byte[] bytes = header.getBytes(StandardCharsets.ISO_8859_1);
- cookies.processCookieHeader(bytes, 0, bytes.length);
- }
-
- private void expect(Cookie... expected) {
- Assert.assertEquals(expected.length, cookies.getCookieCount());
- for (int i = 0; i < expected.length; i++) {
- ServerCookie actual = cookies.getCookie(i);
- Assert.assertEquals(expected[i].getName(), actual.getName().toString());
- Assert.assertEquals(expected[i].getValue(), actual.getValue().toString());
- }
- }
-
- private static Cookie makeCookie(String name, String value, int version) {
- Cookie cookie = new Cookie(name, value);
- cookie.setVersion(version);
- return cookie;
- }
 @Test
 public void testCookies() throws Exception {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1553290&r1=1553289&r2=1553290&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Dec 24 15:36:25 2013
@@ -225,10 +225,6 @@
 Change the default URIEncoding for all connectors from ISO-8859-1 to UTF-8. (markt)
 </update>
- <scode>
- <bug>55917</bug>: Allow ISO-8859-1 characters 0xA0-0xFF in V0 cookie
- values (jboynes).
- </scode>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org