You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2012/11/18 21:47:30 UTC
[1/2] git commit: Support auth cookies with : characters
Updated Branches:
refs/heads/1.3.x c57524814 -> f39115528
refs/heads/master 2774531ff -> d9566c831
Support auth cookies with : characters
The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.
COUCHDB-1607
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/f3911552
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/f3911552
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/f3911552
Branch: refs/heads/1.3.x
Commit: f391155280ccdc8f15b94bd8e5753985bd0b26e0
Parents: c575248
Author: Robert Newson <rn...@apache.org>
Authored: Sun Nov 18 19:02:07 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Sun Nov 18 20:46:42 2012 +0000
----------------------------------------------------------------------
src/couchdb/couch_httpd_auth.erl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/f3911552/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 0b4ba8f..5226a56 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Cookie ->
[User, TimeStr | HashParts] = try
AuthSession = couch_util:decodeBase64Url(Cookie),
- [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":")
+ [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
catch
_:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,