You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/04/29 08:01:27 UTC
[Bug 57871] New: LegacyCookieProcessor.setAllowHttpSepsInV0(false)
affects all characters, not just separators
https://bz.apache.org/bugzilla/show_bug.cgi?id=57871
Bug ID: 57871
Summary: LegacyCookieProcessor.setAllowHttpSepsInV0(false)
affects all characters, not just separators
Product: Tomcat 8
Version: 8.0.21
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.kolinko@gmail.com
Reviewing code of LegacyCookieProcessor.setAllowHttpSepsInV0(boolean) of
current Tomcat 8.
There is the following code:
char[] seps = "()<>@:\\\"[]?={}\t".toCharArray();
for (char sep : seps) {
if (allowHttpSepsInV0) {
allowedWithoutQuotes.set(sep);
} else {
allowedWithoutQuotes.clear();
}
}
if (getForwardSlashIsSeparator() && !allowHttpSepsInV0) {
allowedWithoutQuotes.set('/');
} else {
allowedWithoutQuotes.clear('/');
}
Apparently it was supposed to do "clear(sep)" instead of just clear().
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 57871] LegacyCookieProcessor.setAllowHttpSepsInV0(false)
affects all characters, not just separators
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57871
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Fixed in trunk and 8.0.x. Will be in 8.0.23 onwards.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org