On Thu, Mar 28, 2019 at 11:40 PM Yann Ylavic <[email protected]> wrote: > > On Thu, Mar 28, 2019 at 10:30 PM Ruediger Pluem <[email protected]> wrote: > > > > > > > > On 03/28/2019 10:27 PM, Yann Ylavic wrote: > > > On Thu, Mar 28, 2019 at 10:24 PM Ruediger Pluem <[email protected]> wrote: > > >> > > >> On 03/28/2019 05:39 PM, [email protected] wrote: > > >>> > > >>> + for (wpos = str; *str; ++str) { > > >>> if (!quoted) { > > >>> - if (**last == '\"' && !ap_strchr_c(sep, '\"')) { > > >>> + if (*str == '"') { > > >> > > >> Question: Is the token allowed to the quoted? > > > > > > Hmm no, I asked and was told to RTFM, and then forgot :) > > > Will fix, thanks! > > > > > > > All good. It is not allowed to be quoted and then the code behaves > > correctly and returns with APR_EINVAL. > > Not really, 'Cache-Control: "private"' for instance is not allowed but > accepted here. > Hopefully fixed in r1856507.
Oh, you were right actually, the quoted token was already caught by the first "skip separators" checks. But I find the new code from r1856507 clearer anyway, so I'll leave it (unless I'm the only one).. Regards, Yann.
