You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by as...@apache.org on 2016/09/14 06:12:26 UTC

svn commit: r1760635 - in /sling/trunk/bundles/auth/core/src: main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java

Author: asanso
Date: Wed Sep 14 06:12:26 2016
New Revision: 1760635

URL: http://svn.apache.org/viewvc?rev=1760635&view=rev
Log:
SLING-6052 - Broken impersonation

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1760635&r1=1760634&r2=1760635&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Wed Sep 14 06:12:26 2016
@@ -1488,6 +1488,8 @@ public class SlingAuthenticator implemen
             char c = value.charAt(i);
             if (c == '"') {
                 builder.append("\\\"");
+            } else if (c == '@') {
+                builder.append(c);
             } else if (c == 127 || (c < 32 && c != '\t')) {
                 throw new IllegalArgumentException(
                     "Cookie value may not contain CTL character");

Modified: sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java?rev=1760635&r1=1760634&r2=1760635&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java (original)
+++ sling/trunk/bundles/auth/core/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java Wed Sep 14 06:12:26 2016
@@ -45,7 +45,7 @@ public class SlingAuthenticatorTest exte
         checkQuote("\"", "\"\\\"\"");
         checkQuote("simplevalue", "\"simplevalue\"");
         checkQuote("simple value", "\"simple+value\"");
-        checkQuote("email@address.com", "\"email%40address.com\"");
+        checkQuote("email@address.com", "\"email@address.com\"");
 
         checkQuote("string\ttab", "\"string%09tab\"");
         checkQuote("test中文", "\"test%E4%B8%AD%E6%96%87\"");