Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/06/13 23:05:53 UTC

svn commit: r1602522 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/examples/WEB-INF/classes/CookieExample.java

Author: markt
Date: Fri Jun 13 21:05:53 2014
New Revision: 1602522

URL: http://svn.apache.org/r1602522
Log:
Set the path for cookies created by the examples web app
This reduces the opportunity for using such cookies for malicious purposes should the advice to remove the examples web application from security sensitive systems be ignored.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1602521

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1602522&r1=1602521&r2=1602522&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Jun 13 21:05:53 2014
@@ -164,6 +164,17 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Web applications">
+    <changelog>
+      <fix>
+        Set the path for cookies created by the examples web application so they
+        only returned to the examples application. This reduces the opportunity
+        for using such cookies for malicious purposes should the advice to
+        remove the examples web application from security sensitive systems be
+        ignored. (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 7.0.54 (violetagg)" rtext="released 2014-05-22">
   <subsection name="Catalina">
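Review bot: The added <fix> text is missing a verb in "so they only returned to the examples application"; suggest "so they are only returned to the examples application". The entry would also be easier to trace if it named the class that changed (CookieExample), since the commit touches only that one example servlet.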

Modified: tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java?rev=1602522&r1=1602521&r2=1602522&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java (original)
+++ tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/CookieExample.java Fri Jun 13 21:05:53 2014
@@ -50,6 +50,7 @@ public class CookieExample extends HttpS
         Cookie aCookie = null;
         if (cookieName != null && cookieValue != null) {
             aCookie = new Cookie(cookieName, cookieValue);
+            aCookie.setPath(request.getServletContext().getContextPath());
             response.addCookie(aCookie);
         }
 
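Review bot: The path given to setPath() on the added line is the bare context path, which has no trailing slash and is an empty string when the application is deployed as the ROOT context. With a value such as /examples, a user agent that matches cookie paths by plain string prefix would also return the cookie to a sibling context whose path begins with the same characters, and with an empty value the scope falls back to the user agent's default path. Consider appending "/" to the context path so both cases are covered, and note that request.getContextPath() returns the same value without going through getServletContext().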


