Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/04/29 08:01:27 UTC

[Bug 57871] New: LegacyCookieProcessor.setAllowHttpSepsInV0(false) affects all characters, not just separators

https://bz.apache.org/bugzilla/show_bug.cgi?id=57871

            Bug ID: 57871
           Summary: LegacyCookieProcessor.setAllowHttpSepsInV0(false)
                    affects all characters, not just separators
           Product: Tomcat 8
           Version: 8.0.21
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: knst.kolinko@gmail.com

Reviewing code of LegacyCookieProcessor.setAllowHttpSepsInV0(boolean) of
current Tomcat 8.

There is the following code:

        char[] seps = "()<>@:\\\"[]?={}\t".toCharArray();
        for (char sep : seps) {
            if (allowHttpSepsInV0) {
                allowedWithoutQuotes.set(sep);
            } else {
                allowedWithoutQuotes.clear();
            }
        }
        if (getForwardSlashIsSeparator() && !allowHttpSepsInV0) {
            allowedWithoutQuotes.set('/');
        } else {
            allowedWithoutQuotes.clear('/');
        }

Apparently it was supposed to do "clear(sep)" instead of just clear().

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
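
The difference between the two calls in the report above, as an added example that is not part of the original message and is not Tomcat's code. The class name, the method names and the initial contents of the BitSet (all printable ASCII allowed) are assumptions made for the demonstration; only the separator string is taken from the quoted snippet.

```java
import java.util.BitSet;

public class ClearSepDemo {
    // Separator list copied from the snippet in the bug report.
    static final char[] SEPS = "()<>@:\\\"[]?={}\t".toCharArray();

    // Assumption for this demo: every printable ASCII character
    // starts out allowed without quotes.
    static BitSet initialAllowed() {
        BitSet allowed = new BitSet(128);
        allowed.set(0x21, 0x7F); // '!' .. '~' (upper bound is exclusive)
        return allowed;
    }

    // Behaviour as reported: BitSet.clear() with no argument
    // sets every bit to false, on every loop iteration.
    static BitSet disallowSepsReported(BitSet allowed) {
        for (char sep : SEPS) {
            allowed.clear();
        }
        return allowed;
    }

    // Behaviour the report suggests: BitSet.clear(int) clears
    // only the bit for the given separator.
    static BitSet disallowSepsSuggested(BitSet allowed) {
        for (char sep : SEPS) {
            allowed.clear(sep);
        }
        return allowed;
    }

    public static void main(String[] args) {
        BitSet reported = disallowSepsReported(initialAllowed());
        BitSet suggested = disallowSepsSuggested(initialAllowed());

        String sample = "abc123-_.(=)"; // constructed sample characters
        for (char c : sample.toCharArray()) {
            System.out.printf("'%c' allowed unquoted: reported=%b suggested=%b%n",
                    c, reported.get(c), suggested.get(c));
        }
        System.out.println("bits still set (reported):  " + reported.cardinality());
        System.out.println("bits still set (suggested): " + suggested.cardinality());
    }
}
```

With the no-argument call, ordinary characters such as letters and digits are no longer in the allowed set either, which matches the bug title: all characters are affected, not just separators.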


[Bug 57871] LegacyCookieProcessor.setAllowHttpSepsInV0(false) affects all characters, not just separators

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57871

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Fixed in trunk and 8.0.x. Will be in 8.0.23 onwards.
