Author: markt
Date: Fri Oct 3 08:41:04 2014
New Revision: 1629141
URL: http://svn.apache.org/r1629141
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55984
Using the allow separators in version 0 cookies option with the legacy cookie
processor should only apply to version 0 cookies. Version 1 cookies with values
that contain separators should not be affected and should continue to be quoted.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
Fri Oct 3 08:41:04 2014
@@ -300,7 +300,7 @@ public final class LegacyCookieProcessor
if (version == 0) {
// Check for the things that require a v1 cookie
- if (needsQuotes(value) || comment != null || needsQuotes(path) ||
needsQuotes(domain)) {
+ if (needsQuotes(value, 0) || comment != null || needsQuotes(path,
0) || needsQuotes(domain, 0)) {
version = 1;
}
}
@@ -313,7 +313,7 @@ public final class LegacyCookieProcessor
buf.append("=");
// Value
- maybeQuote(buf, value);
+ maybeQuote(buf, value, version);
// Add version 1 specific information
if (version == 1) {
@@ -323,14 +323,14 @@ public final class LegacyCookieProcessor
// Comment=comment
if (comment != null) {
buf.append ("; Comment=");
- maybeQuote(buf, comment);
+ maybeQuote(buf, comment, version);
}
}
// Add domain information, if present
if (domain != null) {
buf.append("; Domain=");
- maybeQuote(buf, domain);
+ maybeQuote(buf, domain, version);
}
// Max-Age=secs ... or use old "Expires" format
@@ -360,7 +360,7 @@ public final class LegacyCookieProcessor
// Path=path
if (path!=null) {
buf.append ("; Path=");
- maybeQuote(buf, path);
+ maybeQuote(buf, path, version);
}
// Secure
@@ -376,14 +376,14 @@ public final class LegacyCookieProcessor
}
- private void maybeQuote(StringBuffer buf, String value) {
+ private void maybeQuote(StringBuffer buf, String value, int version) {
if (value == null || value.length() == 0) {
buf.append("\"\"");
} else if (alreadyQuoted(value)) {
buf.append('"');
escapeDoubleQuotes(buf, value,1,value.length()-1);
buf.append('"');
- } else if (needsQuotes(value)) {
+ } else if (needsQuotes(value, version)) {
buf.append('"');
escapeDoubleQuotes(buf, value,0,value.length());
buf.append('"');
@@ -412,7 +412,7 @@ public final class LegacyCookieProcessor
}
- private boolean needsQuotes(String value) {
+ private boolean needsQuotes(String value, int version) {
if (value == null) {
return false;
}
@@ -431,7 +431,8 @@ public final class LegacyCookieProcessor
throw new IllegalArgumentException(
"Control character in cookie value or attribute.");
}
- if (!allowedWithoutQuotes.get(c)) {
+ if (version == 0 && !allowedWithoutQuotes.get(c) ||
+ version == 1 && isHttpSeparator(c)) {
return true;
}
}
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
Fri Oct 3 08:41:04 2014
@@ -140,16 +140,14 @@ public class TestCookieProcessorGenerati
public void v1ValueContainsEquals() {
Cookie cookie = new Cookie("foo", "a=b");
cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a=b\"; Version=1", "foo=a=b");
- doTestAllowSeparators(cookie, "foo=a=b; Version=1", "foo=a=b");
+ doTest(cookie, "foo=\"a=b\"; Version=1", "foo=a=b");
}
@Test
public void v1ValueContainsQuote() {
Cookie cookie = new Cookie("foo", "a\"b");
cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\"b\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\"b; Version=1", null);
+ doTest(cookie, "foo=\"a\\\"b\"; Version=1", null);
}
@Test
@@ -163,16 +161,14 @@ public class TestCookieProcessorGenerati
public void v1ValueContainsBackslash() {
Cookie cookie = new Cookie("foo", "a\\b");
cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\\b\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\\b; Version=1", null);
+ doTest(cookie, "foo=\"a\\\\b\"; Version=1", null);
}
@Test
public void v1ValueContainsBackslashAndQuote() {
Cookie cookie = new Cookie("foo", "a\"b\\c");
cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\"b\\\\c\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\"b\\c; Version=1", null);
+ doTest(cookie, "foo=\"a\\\"b\\\\c\"; Version=1", null);
}
@Test
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Oct 3 08:41:04 2014
@@ -47,6 +47,12 @@
<section name="Tomcat 8.0.15 (markt)">
<subsection name="Catalina">
<changelog>
+ <fix>
+ <bug>55984</bug>: Using the allow separators in version 0 cookies
option
+ with the legacy cookie processor should only apply to version 0
cookies.
+ Version 1 cookies with values that contain separators should not be
+ affected and should continue to be quoted. (markt)
+ </fix>
<add>
<bug>56393</bug>: Add support for RFC6265 cookie parsing and
generation.
This is currently disabled by default and may be enabled via the
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]