Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/02 17:23:25 UTC

svn commit: r1622033 - in /tomcat/trunk: test/org/apache/tomcat/util/http/TestCookies.java webapps/docs/changelog.xml

Author: markt
Date: Tue Sep  2 15:23:24 2014
New Revision: 1622033

URL: http://svn.apache.org/r1622033
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55918
The new cookie parser correctly handles control characters in quoted V1 values

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1622033&r1=1622032&r2=1622033&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Sep  2 15:23:24 2014
@@ -439,7 +439,7 @@ public class TestCookies {
 
     @Test
     public void disallowControlInV1QuotedValue() {
-        // Bug 55917
+        // Bug 55917 / Bug 55918
         test(true, "$Version=1; foo=\"b\010r\"");
     }
 
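Review bot: the comment on `disallowControlInV1QuotedValue()` now claims coverage for Bug 55918, but the only input is still `foo=\"b\010r\"`, a single control character (octal 010) in the middle of a quoted value. Nothing in this hunk distinguishes the 55918 case from the 55917 one, so consider either a separate test case using the input from the 55918 report or a short comment explaining why this one input covers both bugs. It would also help to say what the `true` passed to `test(...)` selects, since the changelog entry in this same commit ties the fix to the RFC6265 based parser.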

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1622033&r1=1622032&r2=1622033&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep  2 15:23:24 2014
@@ -54,6 +54,11 @@
         correctly handle these cookies. (markt)
       </fix>
       <fix>
+        <bug>55918</bug>: Do not permit control characters to appear in quoted
+        V1 (RFC2109) cookie values. The new RFC6265 based cookie parser must be
+        enabled to correctly handle these cookies. (markt)
+      </fix>
+      <fix>
         <bug>56900</bug>: Fix some potential resource leaks when reading
         property files reported by Coverity Scan. Based on patches provided by
         Felix Schumacher. (markt)
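Review bot: the new `<fix>` entry opens with "Do not permit control characters to appear in quoted V1 (RFC2109) cookie values" as if it were unconditional, and only the second sentence says the RFC6265 based parser "must be enabled". As worded, a reader can miss that a deployment without that parser enabled does not get this handling. Suggest leading with the condition and saying how the parser is enabled, or pointing to where that is documented. Minor: the closing sentence matches the tail of the preceding entry ("correctly handle these cookies. (markt)"), so the two entries could share one note about the parser requirement.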


