Author: markt
Date: Thu Apr 30 10:04:08 2015
New Revision: 1676943
URL: http://svn.apache.org/r1676943
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57871
Ensure that setting the allowHttpSepsInV0 property of LegacyCookieProcessor to
false only prevents HTTP separators from being used without quotes.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1676943&r1=1676942&r2=1676943&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
Thu Apr 30 10:04:08 2015
@@ -184,7 +184,7 @@ public final class LegacyCookieProcessor
if (allowHttpSepsInV0) {
allowedWithoutQuotes.set(sep);
} else {
- allowedWithoutQuotes.clear();
+ allowedWithoutQuotes.clear(sep);
}
}
if (getForwardSlashIsSeparator() && !allowHttpSepsInV0) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
