Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/03/05 11:41:47 UTC
svn commit: r919364 - in /tomcat/tc5.5.x/trunk: STATUS.txt
connectors/util/java/org/apache/tomcat/util/http/Cookies.java
container/webapps/docs/changelog.xml
container/webapps/docs/config/systemprops.xml
Author: markt
Date: Fri Mar 5 10:41:46 2010
New Revision: 919364
URL: http://svn.apache.org/viewvc?rev=919364&view=rev
Log:
Provide new option to allow = in cookie values
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
tomcat/tc5.5.x/trunk/container/webapps/docs/config/systemprops.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=919364&r1=919363&r2=919364&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Mar 5 10:41:46 2010
@@ -67,13 +67,6 @@
kkolinko - Just a note: This issue won't affect configurations where Jasper
runs with development=false.
-* Provide new option to allow = in cookie values
- http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch
- +1: markt, kkolinko, rjung
- -1:
- rjung: it might be more reader friendly to explicitely add parentheses when
- having || and && mixed in the same logical expression (see the "while" loop).
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47997
Process changes for all naming contexts, not just the global one
http://svn.apache.org/viewvc?rev=883134&view=rev
Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java?rev=919364&r1=919363&r2=919364&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/http/Cookies.java Fri Mar 5 10:41:46 2010
@@ -46,6 +46,12 @@
MimeHeaders headers;
+ /**
+ * If true, cookie values are allowed to contain an equals character without
+ * being quoted.
+ */
+ public static final boolean ALLOW_EQUALS_IN_VALUE;
+
/*
List of Separator Characters (see isSeparator())
Excluding the '/' char violates the RFC, but
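Review bot: The Javadoc on `ALLOW_EQUALS_IN_VALUE` does not say how the flag is set or what its default is, and the property that controls it is named after `ServerCookie` even though the field is declared in `Cookies`, so a reader of this class cannot find the switch from here. I would extend the comment to name the system property `org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE`, state that it is read once in the static initializer and defaults to `false`, and note that `false` is the specification-compliant setting, as the systemprops.xml entry in this commit already does. It is also worth stating that with the flag on, this parser may see a longer cookie value than a component that stops at the first unquoted `=`, which matters when a proxy or filter in front of Tomcat inspects cookies.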
@@ -65,6 +71,10 @@
for (int i = 0; i < SEPARATORS.length; i++) {
separators[SEPARATORS[i]] = true;
}
+
+ ALLOW_EQUALS_IN_VALUE = Boolean.valueOf(System.getProperty(
+ "org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE",
+ "false")).booleanValue();
}
/**
@@ -364,7 +374,7 @@
// Get the cookie name. This must be a token
valueEnd = valueStart = nameStart = pos;
- pos = nameEnd = getTokenEndPosition(bytes,pos,end);
+ pos = nameEnd = getTokenEndPosition(bytes,pos,end,true);
// Skip whitespace
while (pos < end && isWhiteSpace(bytes[pos])) {pos++; };
@@ -411,12 +421,14 @@
// The position is OK (On a delimiter)
break;
default:;
- if (!isSeparator(bytes[pos])) {
+ if (!isSeparator(bytes[pos]) ||
+ bytes[pos] == '=' && ALLOW_EQUALS_IN_VALUE) {
// Token
valueStart=pos;
// getToken returns the position at the delimeter
// or other non-token character
- valueEnd=getTokenEndPosition(bytes, valueStart, end);
+ valueEnd = getTokenEndPosition(bytes, valueStart, end,
+ false);
// We need pos to advance
pos = valueEnd;
} else {
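Review bot: The comments inside this branch, `// Token` and `// getToken returns the position at the delimeter or other non-token character`, are no longer accurate once `ALLOW_EQUALS_IN_VALUE` is set, because the branch is then entered when the first value byte is `=` and the scan continues across further `=` bytes. I would replace the first with something like `// Token, or (if ALLOW_EQUALS_IN_VALUE) a value that may start with or contain '='` and adjust the second to say that `=` is not treated as a delimiter for values in that mode. The enclosing `switch` starts outside this hunk, so I cannot see whether the quoted-value case needs a matching remark.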
@@ -548,13 +560,26 @@
}
/**
+ * @deprecated - Use private method
+ * {@link #getTokenEndPosition(byte[], int, int, boolean)} instead
+ */
+ public static final int getTokenEndPosition(byte bytes[], int off, int end){
+ return getTokenEndPosition(bytes, off, end, true);
+ }
+
+ /**
* Given the starting position of a token, this gets the end of the
* token, with no separator characters in between.
* JVK
*/
- public static final int getTokenEndPosition(byte bytes[], int off, int end){
+ private static final int getTokenEndPosition(byte bytes[], int off, int end,
+ boolean isName) {
int pos = off;
- while (pos < end && !isSeparator(bytes[pos])) {pos++; };
+ while (pos < end &&
+ (!isSeparator(bytes[pos]) ||
+ bytes[pos]=='=' && ALLOW_EQUALS_IN_VALUE && !isName)) {
+ pos++;
+ }
if (pos > end)
return end;
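Review bot: The `@deprecated` tag on the retained public `getTokenEndPosition(byte[], int, int)` tells callers to use a private method, which code outside `Cookies` cannot call and which a `{@link}` in public Javadoc will not resolve. Because the public overload always passes `true` for `isName`, any external caller using it to find the end of a value will ignore `ALLOW_EQUALS_IN_VALUE` and can disagree with this class's own parsing; the tag should say that instead, e.g. `@deprecated Not intended for use outside this class. Always applies cookie-name rules and ignores ALLOW_EQUALS_IN_VALUE.` The Javadoc kept on the private overload still says "no separator characters in between" and has no `@param isName`, so it should gain a line explaining that `=` is skipped for values when the flag is set. The method body continues past the end of this hunk.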
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=919364&r1=919363&r2=919364&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri Mar 5 10:41:46 2010
@@ -147,6 +147,10 @@
<bug>48322</bug>: Single quote characters are not HTTP separators and
should not be treated as such in the cookie handling. (markt)
</fix>
+ <add>
+ Provide an option to allow the use of equals characters in cookie
+ values. (markt)
+ </add>
<fix>
<bug>48516</bug>: Prevent NPE in JNDIRealm if requested user does not
exist. Patch provided by Kevin Conaway. (markt)
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/config/systemprops.xml?rev=919364&r1=919363&r2=919364&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/config/systemprops.xml Fri Mar 5 10:41:46 2010
@@ -119,6 +119,16 @@
</property>
<property
+ name="org.apache.tomcat.util.http. ServerCookie.ALLOW_EQUALS_IN_VALUE">
+ <p>If this is <code>true</code> Tomcat will allow <code>=</code>
+ characters when parsing unquoted cookie values. If <code>false</code>,
+ cookie values containing <code>=</code> will be terminated when the
+ <code>=</code> is encountered and the remainder of the cookie value will
+ be dropped. If not specified, the default specification compliant value of
+ <code>false</code> will be used.</p>
+ </property>
+
+ <property
name="org.apache.tomcat.util.http. ServerCookie.ALWAYS_ADD_EXPIRES">
<p>If this is <code>true</code> Tomcat will always add an expires
parameter to a SetCookie header even for cookies with version greater than