You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/15 19:53:06 UTC
svn commit: r890940 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/tomcat/util/http/Cookies.java
test/org/apache/tomcat/util/http/TestCookies.java webapps/docs/changelog.xml
Author: markt
Date: Tue Dec 15 18:53:06 2009
New Revision: 890940
URL: http://svn.apache.org/viewvc?rev=890940&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48322
Single quote is not a separator
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/tc6.0.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Dec 15 18:53:06 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,77
2872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831106,831774,831785,831828,831850,831860,832218,833121,833545,834047,835036,835336,889363,890417
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,77
2872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832218,833121,833545,834047,835036,835336,889363,890417
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=890940&r1=890939&r2=890940&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Dec 15 18:53:06 2009
@@ -302,11 +302,6 @@
+1: kkolinko, markt, jim
-1:
-* Single quote should be not be treated as a separator
- http://svn.apache.org/viewvc?rev=830999&view=rev
- +1: markt, kkolinko, jfclere, jim
- -1:
-
* Update to commons-pool 1.5.4
http://svn.apache.org/viewvc?rev=881412&view=rev
+1: markt, jim
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=890940&r1=890939&r2=890940&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java Tue Dec 15 18:53:06 2009
@@ -51,10 +51,10 @@
Excluding the '/' char violates the RFC, but
it looks like a lot of people put '/'
in unquoted values: '/': ; //47
- '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
+ '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
'=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125
*/
- public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')', ',',
+ public static final char SEPARATORS[] = { '\t', ' ', '\"', '(', ')', ',',
':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
protected static final boolean separators[] = new boolean[128];
Modified: tomcat/tc6.0.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=890940&r1=890939&r2=890940&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/tc6.0.x/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Dec 15 18:53:06 2009
@@ -74,19 +74,19 @@
test("$Version=1;foo=\"b\"ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b", "a", "b"); // Incorrectly escaped.
test("$Version=1;foo=\"b\\\"ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b\"ar", "a", "b"); // correctly escaped.
test("$Version=1;foo=\"b'ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b'ar", "a", "b");
- // JFC: sure it is "b" and not b'ar ?
- test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo", "b", "a", "b");
+ // ba'r is OK - ' is not a separator
+ test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo", "b'ar", "a", "b");
// Ends in quoted value
test("foo=bar;a=\"b\"", "foo", "bar", "a", "b");
test("foo=bar;a=\"b\";", "foo", "bar", "a", "b");
// Last character is an escape character
- test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo", "b");
- test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\", "foo", "b");
+ test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo", "b'ar");
+ test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\", "foo", "b'ar");
- // Bad... a token cannot be quoted with ' chars
- test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"");
+ // A token cannot be quoted with ' chars - they should be treated as part of the value
+ test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"", "foo", "'bar'");
// wrong, path should not have '/' JVK
test("$Version=1;foo=\"bar\";$Path=/examples;a=b; ; ", "foo", "bar", "a", "b");
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=890940&r1=890939&r2=890940&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Dec 15 18:53:06 2009
@@ -189,6 +189,10 @@
<bug>48257</bug>: Correct error in Spanish translations. Patch provided
by Guillermo GutiƩrrez. (markt)
</fix>
+ <fix>
+ <bug>48322</bug>: Single quote characters are not HTTP separators and
+ should not be treated as such in the cookie handling. (markt)
+ </fix>
<update>
Deprecate the <code>caseSensitive</code> option on the
<code>StandardContext</code> which will be removed in Tomcat 7 onwards.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org