Re: svn commit: r836113 - in /tomcat/trunk: java/org/apache/tomcat/util/http/ test/org/apache/tomcat/util/http/ webapps/docs/config/
On 14/11/2009, ma...@apache.org wrote: > Author: markt > Date: Sat Nov 14 03:47:48 2009 > New Revision: 836113 > > URL: http://svn.apache.org/viewvc?rev=836113&view=rev > Log: > More cookie refactoring > - new support class for common elements of parsing and writing > - better consistency between parsing and writing > - remove unused code > - reduce visibility of methods where possible > - auto-switch to v1 for any attribute that might require quoting > - better names for constants > - allow v0 cookies to break http spec (disabled by default) > - update test cases and documentation > > Added: > tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (with > props) > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowHttpSeps.java > (with props) > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java > tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowEquals.java > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDisallowEquals.java > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java > > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java > tomcat/trunk/webapps/docs/config/systemprops.xml > > Added: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=836113&view=auto > > == > --- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (added) > +++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Sat Nov > +public static final boolean FWD_SLASH_IS_SEPARATOR; > + > +/** > + * The list of separators that apply to version 0 cookies. 
To quote the > + * spec, these are comma, semi-colon and white-space. The HTTP spec > + * definition of linear white space is [CRLF] 1*( SP | HT ) > + */ > +public static final char[] V0_SEPARATORS = {',', ';', ' ', '\t'}; > +public static final boolean[] V0_SEPARATOR_FLAGS = new boolean[128]; public arrays are not immutable - entries can be changed accidentally or maliciously. As far as I can tell, the arrays could be made private without breaking any code. == It looks like some/all of the booleans could also be made private - why expose fields unnecessarily? - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
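Review bot: V0_SEPARATOR_FLAGS is a fixed `new boolean[128]` table, so every lookup that indexes it with a cookie character has to check `c < 128` first. The lookup code is not in the quoted lines, so that guard needs confirming. The Javadoc also cites linear white space as [CRLF] 1*( SP | HT ) while V0_SEPARATORS holds only ' ' and '\t'; add a sentence saying whether CR and LF are left out on purpose.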
svn commit: r836177 - /tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
Author: markt Date: Sat Nov 14 13:46:43 2009 New Revision: 836177 URL: http://svn.apache.org/viewvc?rev=836177&view=rev Log: Reduce visibility (thanks Sebb) Remove unused code Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=836177&r1=836176&r2=836177&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Sat Nov 14 13:46:43 2009 @@ -65,16 +65,16 @@ * spec, these are comma, semi-colon and white-space. The HTTP spec * definition of linear white space is [CRLF] 1*( SP | HT ) */ -public static final char[] V0_SEPARATORS = {',', ';', ' ', '\t'}; -public static final boolean[] V0_SEPARATOR_FLAGS = new boolean[128]; +private static final char[] V0_SEPARATORS = {',', ';', ' ', '\t'}; +private static final boolean[] V0_SEPARATOR_FLAGS = new boolean[128]; /** * The list of separators that apply to version 1 cookies. This may or may * not include '/' depending on the setting of * {...@link #FWD_SLASH_IS_SEPARATOR}. */ -public static final char[] HTTP_SEPARATORS; -public static final boolean[] HTTP_SEPARATOR_FLAGS = new boolean[128]; +private static final char[] HTTP_SEPARATORS; +private static final boolean[] HTTP_SEPARATOR_FLAGS = new boolean[128]; static { STRICT_SERVLET_COMPLIANCE = Boolean.valueOf(System.getProperty( 
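Review bot: Only the four arrays are reduced to private here. The booleans raised in the same review (for example FWD_SLASH_IS_SEPARATOR, declared `public static final boolean` in r836113) are not touched in this diff, although the log message reads as if the whole comment was addressed. Either reduce them as well or record why they stay public. The Javadoc on HTTP_SEPARATORS still carries a {@link #FWD_SLASH_IS_SEPARATOR} reference, which is worth re-checking if that field's visibility changes later.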
@@ -208,20 +208,6 @@ return false; } -public static boolean containsCTL(String value) { -if (value==null) return false; -int len = value.length(); -for (int i = 0; i < len; i++) { -char c = value.charAt(i); -if (c < 0x20 || c >= 0x7f) { -if (c == 0x09) -continue; //allow horizontal tabs -return true; -} -} -return false; -} - public static boolean alreadyQuoted (String value) { if (value==null || value.length() < 2) return false; return (value.charAt(0)=='\"' && value.charAt(value.length()-1)=='\"'); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
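Review bot: Removing `public static boolean containsCTL(String value)` changes the public surface of the class, not only its internals, so the "unused" claim needs checking against callers outside CookieSupport (Cookies and ServerCookie were both modified in r836113). The method was also the control-character test (`c < 0x20 || c >= 0x7f`, horizontal tab allowed). Confirm that cookie values containing CR, LF or other control characters are still rejected or quoted on the write path now that this helper is gone, and say so in the log message.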
Re: svn commit: r836113 - in /tomcat/trunk: java/org/apache/tomcat/util/http/ test/org/apache/tomcat/util/http/ webapps/docs/config/
sebb wrote:
> public arrays are not immutable - entries can be changed accidentally
> or maliciously.

I know.

> As far as I can tell, the arrays could be made private without
> breaking any code.

Good point. In all the refactoring, I missed that. I'll make those changes now.

> It looks like some/all of the booleans could also be made private -
> why expose fields unnecessarily?

Ditto.

Mark
DO NOT REPLY [Bug 48196] New: Public arrays that should be private
https://issues.apache.org/bugzilla/show_bug.cgi?id=48196

Summary: Public arrays that should be private
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: s...@apache.org

Created an attachment (id=24535)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24535)
Patch fixes some public arrays that aren't currently accessed outside their class.

Arrays should never be public unless they have zero elements.

Patch fixes some public arrays that aren't currently accessed outside their class.
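The point raised in the review thread and in Bug 48196, as an added Java example that is not part of the original messages or of Tomcat's code: `final` fixes the array reference, not its elements, so a public lookup table can be rewritten by any code in the same JVM. The class and method names below are hypothetical; only the separator characters are taken from the quoted patch.

```java
// Added illustration; class and method names are hypothetical, not Tomcat's.
import java.util.Arrays;

public class PublicArrayDemo {

    /** Before: the reference is final, the elements are not. */
    static class ExposedSeparators {
        public static final boolean[] SEPARATOR_FLAGS = new boolean[128];
        static {
            for (char c : new char[] {',', ';', ' ', '\t'}) {
                SEPARATOR_FLAGS[c] = true;
            }
        }
        static boolean isSeparator(char c) {
            return c < SEPARATOR_FLAGS.length && SEPARATOR_FLAGS[c];
        }
    }

    /** After: the tables are private; callers get a query method or a copy. */
    static final class EncapsulatedSeparators {
        private static final char[] SEPARATORS = {',', ';', ' ', '\t'};
        private static final boolean[] SEPARATOR_FLAGS = new boolean[128];
        static {
            for (char c : SEPARATORS) {
                SEPARATOR_FLAGS[c] = true;
            }
        }
        private EncapsulatedSeparators() { }

        static boolean isSeparator(char c) {
            // Range check: the table only covers 7-bit characters.
            return c < SEPARATOR_FLAGS.length && SEPARATOR_FLAGS[c];
        }
        static char[] separators() {
            // Defensive copy, so the caller cannot alter the shared array.
            return SEPARATORS.clone();
        }
    }

    public static void main(String[] args) {
        // The parser's view of ';' before and after an outside write.
        System.out.println(ExposedSeparators.isSeparator(';'));
        ExposedSeparators.SEPARATOR_FLAGS[';'] = false;
        System.out.println(ExposedSeparators.isSeparator(';'));

        // With the encapsulated form only the caller's copy changes.
        char[] copy = EncapsulatedSeparators.separators();
        Arrays.fill(copy, 'x');
        System.out.println(EncapsulatedSeparators.isSeparator(';'));
    }
}
```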
DO NOT REPLY [Bug 48197] New: XByteBuffer: privatize public fields; fix Javadoc
https://issues.apache.org/bugzilla/show_bug.cgi?id=48197

Summary: XByteBuffer: privatize public fields; fix Javadoc
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: s...@apache.org

Created an attachment (id=24536)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24536)
Patch to fix various problems in XByteBuffer.

Patch to fix various problems in XByteBuffer.
svn commit: r836209 - /tomcat/trunk/res/tomcat.nsi
Author: kkolinko Date: Sat Nov 14 16:30:21 2009 New Revision: 836209 URL: http://svn.apache.org/viewvc?rev=836209&view=rev Log: Clear the values in username and password fields when they are read-only Modified: tomcat/trunk/res/tomcat.nsi Modified: tomcat/trunk/res/tomcat.nsi URL: http://svn.apache.org/viewvc/tomcat/trunk/res/tomcat.nsi?rev=836209&r1=836208&r2=836209&view=diff == --- tomcat/trunk/res/tomcat.nsi (original) +++ tomcat/trunk/res/tomcat.nsi Sat Nov 14 16:30:21 2009 @@ -385,6 +385,9 @@ !insertmacro MUI_INSTALLOPTIONS_READ $0 "config.ini" "Field 7" "HWND" !insertmacro MUI_INSTALLOPTIONS_WRITE "config.ini" "Field 7" "Flags" "DISABLED" EnableWindow $0 0 + ; Clear the values + !insertmacro MUI_INSTALLOPTIONS_WRITE "config.ini" "Field 5" "State" "" + !insertmacro MUI_INSTALLOPTIONS_WRITE "config.ini" "Field 7" "State" "" Display: !insertmacro MUI_INSTALLOPTIONS_DISPLAY "config.ini" - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
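Review bot: The added `; Clear the values` comment does not say which fields are cleared or why. Per the log message these are the username and password fields, so name them in the comment and note that State is blanked because the controls are read-only. Field 7 is visibly set to DISABLED just above, but the matching lines for Field 5 are outside this hunk, so check that it is disabled on the same path. Also confirm that the code which later reads Field 5 and Field 7 treats an empty State as "no user" rather than creating an account with an empty name or password.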
svn commit: r836211 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Sat Nov 14 16:40:18 2009 New Revision: 836211 URL: http://svn.apache.org/viewvc?rev=836211&view=rev Log: add rev.836209 proposal, provide a combined patch file Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=836211&r1=836210&r2=836211&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Nov 14 16:40:18 2009 @@ -405,8 +405,14 @@ -1: Additional patches: - http://svn.apache.org/viewvc?rev=836036&view=rev - http://svn.apache.org/viewvc?rev=836045&view=rev + ( +http://svn.apache.org/viewvc?rev=836036&view=rev +http://svn.apache.org/viewvc?rev=836045&view=rev +http://svn.apache.org/viewvc?rev=836209&view=rev + ) + The following patch file is a combination of rev. 834047, 836036, 836045, + 836209: + http://people.apache.org/~kkolinko/patches/2009-11-14_Installer_password_tc6.patch +1: kkolinko -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r836290 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Sat Nov 14 23:11:07 2009 New Revision: 836290 URL: http://svn.apache.org/viewvc?rev=836290&view=rev Log: propose installer patch Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=836290&r1=836289&r2=836290&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Sat Nov 14 23:11:07 2009 @@ -186,6 +186,17 @@ http://svn.apache.org/viewvc?rev=834047&view=rev +1: markt, mturk -1: + kkolinko: It cannot be applied cleanly, because manager and + host-manager are at different paths in TC5.5. + + Alternative patch: + Fix CVE-2009-3548 - Windows installer uses insecure default password + Also removes some old commented-out code and changes some message strings. + This patch file is a backport of revs. 834047, 836036, 836045, 836209 + http://people.apache.org/~kkolinko/patches/2009-11-14_Installer_password_tc55.patch + +1: kkolinko + -1: + * Disable TLS renegotiation be default with an option to re-enable it Based on Costin's patch for trunk with Mark's modifications - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
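Review bot: The alternative patch entry bundles the CVE-2009-3548 fix with removal of commented-out code and changes to message strings. For a security backport that leaves voters to separate the fix from the cleanup by hand; consider proposing the cleanup separately, or state in the entry which parts of the patch file are the fix itself.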
svn commit: r836292 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: kkolinko Date: Sat Nov 14 23:28:51 2009 New Revision: 836292 URL: http://svn.apache.org/viewvc?rev=836292&view=rev Log: proposal Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=836292&r1=836291&r2=836292&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Sat Nov 14 23:28:51 2009 @@ -202,4 +202,10 @@ Based on Costin's patch for trunk with Mark's modifications http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc5.patch +1: markt, mturk - -1: \ No newline at end of file + -1: + +* Align server.xml installed by .exe installer with the one bundled in + zip/tgz archives + http://people.apache.org/~kkolinko/patches/2009-11-15_Installer_serverxml_tc55.patch + +1: kkolinko + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org