Posted to commits@sling.apache.org by as...@apache.org on 2016/11/11 14:45:35 UTC
svn commit: r1769292 -
/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Author: asanso
Date: Fri Nov 11 14:45:34 2016
New Revision: 1769292
URL: http://svn.apache.org/viewvc?rev=1769292&view=rev
Log:
SLING-6275 - Unable to impersonate user with surrogate pair character
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1769292&r1=1769291&r2=1769292&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Fri Nov 11 14:45:34 2016
@@ -20,6 +20,7 @@ package org.apache.sling.auth.core.impl;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
@@ -29,7 +30,6 @@ import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
@@ -40,7 +40,6 @@ import javax.servlet.ServletRequestListe
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
@@ -1511,22 +1510,27 @@ public class SlingAuthenticator implemen
* @param value The cookie value to unquote
* @return The unquoted cookie value
*/
- static String unquoteCookieValue(final String value) {
+ static String unquoteCookieValue(String value) {
// method is package private to enable unit testing
- // return value unmodified if null, empty or not starting with a quote
- if (value == null || value.length() == 0 || value.charAt(0) != '"') {
+ // return value unmodified if null or empty
+ if (value == null || value.length() == 0) {
return value;
}
-
- StringBuilder builder = new StringBuilder(value.length());
- for (int i = 1; i < value.length() - 1; i++) {
- char c = value.charAt(i);
- if (c != '\\') {
- builder.append(c);
- }
+
+ if (value.startsWith("\"") && value.endsWith("\"")) {
+ value = value.substring(1, value.length()-1);
+ }
+
+ StringBuilder builder = new StringBuilder();
+ String [] values = value.split("\\\\");
+ for (String v:values) {
+ try {
+ builder.append(URLDecoder.decode(v, "UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ builder.append(v);
+ }
}
-
return builder.toString();
}
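Review bot: A cookie value that is just one `"` now throws StringIndexOutOfBoundsException, because `startsWith("\"")` and `endsWith("\"")` both match that single character and `substring(1, value.length()-1)` is then called with begin 1 and end 0; the removed loop returned an empty string for that input. The guard should require two characters: `if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\""))`. `URLDecoder.decode` also throws IllegalArgumentException on a malformed escape such as a trailing `%`, which `catch (UnsupportedEncodingException e)` does not cover, so a client-supplied cookie can make this method throw; adding `catch (IllegalArgumentException e) { builder.append(v); }` would keep the existing fall-back. The decode now also runs on unquoted values, which used to be returned unmodified, and it turns `+` into a space. The Javadoc, which opens above the hunk, should state that the value is expected to be URL-encoded, and it is worth confirming that every writer of this cookie encodes it, since that is not visible here.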