Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/06/06 14:17:58 UTC

svn commit: r1747015 - in /tomcat/tc8.5.x/trunk: ./ java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml

Author: markt
Date: Mon Jun  6 14:17:58 2016
New Revision: 1747015

URL: http://svn.apache.org/viewvc?rev=1747015&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59655
Configure the cookie name validation to use RFC6265 rules by default to align it with the default cookie parser. Document the impact system properties have on cookie name validation.

Modified:
    tomcat/tc8.5.x/trunk/   (props changed)
    tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
    tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml

Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun  6 14:17:58 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 ,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501,1741677
 ,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014

Modified: tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java Mon Jun  6 14:17:58 2016
@@ -49,7 +49,7 @@ import java.util.ResourceBundle;
  * support the cache control defined with HTTP 1.1.
  * <p>
  * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC
- * 2109) cookie specifications. By default, cookies are created using Version 0
+ * 2109) cookie specifications. By default, cookies are created using RFC6265
  * to ensure the best interoperability.
  */
 public class Cookie implements Cloneable, Serializable {
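Review bot: The reworded Javadoc sentence ("By default, cookies are created using RFC6265") overstates what this commit changes and now sits awkwardly next to the sentence before it, which still says the class supports only the Version 0 and Version 1 specifications. Going by the commit log, only the default cookie name validation moves to the RFC 6265 rules; nothing visible here changes how cookies are created or which version they carry. I would word the changed lines as ` * 2109) cookie specifications. By default, cookie names are validated against` followed by ` * the RFC 6265 rules to match the default cookie parser.`, and keep any statement about the default cookie version in its own sentence. The class Javadoc begins above this hunk, so the rest of the comment should be checked for leftover Version 0 wording.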
@@ -68,7 +68,7 @@ public class Cookie implements Cloneable
             validation = new RFC2109Validator();
         }
         else {
-            validation = new NetscapeValidator();
+            validation = new RFC6265Validator();
         }
     }
 
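Review bot: The new default in the `else` branch changes which names the `Cookie` constructor accepts, yet the commit touches no test and the branch carries no comment saying why RFC 6265 was chosen. If `RFC6265Validator` rejects separator characters that `NetscapeValidator` allowed (the validator classes are outside this hunk, so this is inferred), applications that build cookies with such names will presumably start failing at construction after an upgrade, and the changelog entry should say so outright. I would add a test that constructs cookies with a separator in the name under default properties and with `STRICT_NAMING` enabled, plus a comment such as `// Default to RFC 6265 names so validation matches the default cookie parser (BZ 59655)`. The static initializer starts above the hunk, so the condition that selects `RFC2109Validator` is not visible here.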

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Jun  6 14:17:58 2016
@@ -79,6 +79,11 @@
       <fix>
         Fix error message when failed to register MBean. (kfujino)
       </fix>
+      <fix>
+        <bug>59655</bug>: Configure the cookie name validation to use RFC6265 rules by default to
+        align it with the default cookie parser. Document the impact system properties have on
+        cookie name validation. (mark)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

Modified: tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml?rev=1747015&r1=1747014&r2=1747015&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml Mon Jun  6 14:17:58 2016
@@ -280,6 +280,7 @@
       <li><code>org.apache.catalina.core.<br/>StandardHostValve.ACCESS_SESSION</code></li>
       <li><code>org.apache.catalina.session.<br/>StandardSession.ACTIVITY_CHECK</code></li>
       <li><code>org.apache.catalina.session.<br/>StandardSession.LAST_ACCESS_AT_START</code></li>
+      <li><code>org.apache.tomcat.util.http.<br/>ServerCookie.STRICT_NAMING</code></li>
       <li>The <code>URIEncoding</code> attribute of any
           <a href="http.html">HTTP connector</a> or
           <a href="ajp.html">AJP connector</a> element.</li>
@@ -335,7 +336,16 @@
         <li><code>org.apache.tomcat.websocket.server#isEnforceNoAddAfterHandshake</code>
         (default changes from <code>false</code> to <code>true</code>)</li>
       </ul>
+    </property>
 
+    <property name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
+      <p> If this is true then the requirements of the Servlet specification
+      that Cookie names must adhere to RFC2109 (no use of separators) will be
+      enforced. If this is false the the naming rules specified in RFC6265 will
+      be used.</p>
+      <p>If <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
+      <code>true</code>, the default of this setting will be <code>true</code>,
+      else the default value will be <code>false</code>.</p>
     </property>
 
   </properties>


