Author: markt Date: Fri Oct 3 08:41:04 2014 New Revision: 1629141 URL: http://svn.apache.org/r1629141 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55984 Using the allow separators in version 0 cookies option with the legacy cookie processor should only apply to version 0 cookies. Version 1 cookies with values that contain separators should not be affected and should continue to be quoted.
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java Fri Oct 3 08:41:04 2014
@@ -300,7 +300,7 @@ public final class LegacyCookieProcessor
 if (version == 0) {
 // Check for the things that require a v1 cookie
- if (needsQuotes(value) || comment != null || needsQuotes(path) || needsQuotes(domain)) {
+ if (needsQuotes(value, 0) || comment != null || needsQuotes(path, 0) || needsQuotes(domain, 0)) {
 version = 1;
 }
 }
@@ -313,7 +313,7 @@ public final class LegacyCookieProcessor
 buf.append("=");
 // Value
- maybeQuote(buf, value);
+ maybeQuote(buf, value, version);
 // Add version 1 specific information
 if (version == 1) {
@@ -323,14 +323,14 @@ public final class LegacyCookieProcessor
 // Comment=comment
 if (comment != null) {
 buf.append ("; Comment=");
- maybeQuote(buf, comment);
+ maybeQuote(buf, comment, version);
 }
 }
 // Add domain information, if present
 if (domain != null) {
 buf.append("; Domain=");
- maybeQuote(buf, domain);
+ maybeQuote(buf, domain, version);
 }
 // Max-Age=secs ... or use old "Expires" format
@@ -360,7 +360,7 @@ public final class LegacyCookieProcessor
 // Path=path
 if (path!=null) {
 buf.append ("; Path=");
- maybeQuote(buf, path);
+ maybeQuote(buf, path, version);
 }
 // Secure
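Review bot: The upgrade check in the `@@ -300` hunk needs a comment saying which rule set it applies, because the decision to move to version 1 is now made with the version 0 rules while the later `maybeQuote(buf, value, version)` calls use whatever `version` ends up being. A line such as `// v0 quoting rules decide the upgrade; once version is 1, maybeQuote() applies the v1 separator rules` above `if (needsQuotes(value, 0) ...` would make that two-step behaviour explicit for the next reader. The enclosing method starts and ends outside the hunk, so how `version` is first obtained is not visible here.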
@@ -376,14 +376,14 @@ public final class LegacyCookieProcessor
 }
- private void maybeQuote(StringBuffer buf, String value) {
+ private void maybeQuote(StringBuffer buf, String value, int version) {
 if (value == null || value.length() == 0) {
 buf.append("\"\"");
 } else if (alreadyQuoted(value)) {
 buf.append('"');
 escapeDoubleQuotes(buf, value,1,value.length()-1);
 buf.append('"');
- } else if (needsQuotes(value)) {
+ } else if (needsQuotes(value, version)) {
 buf.append('"');
 escapeDoubleQuotes(buf, value,0,value.length());
 buf.append('"');
@@ -412,7 +412,7 @@ public final class LegacyCookieProcessor
 }
- private boolean needsQuotes(String value) {
+ private boolean needsQuotes(String value, int version) {
 if (value == null) {
 return false;
 }
@@ -431,7 +431,8 @@ public final class LegacyCookieProcessor
 throw new IllegalArgumentException(
 "Control character in cookie value or attribute.");
 }
- if (!allowedWithoutQuotes.get(c)) {
+ if (version == 0 && !allowedWithoutQuotes.get(c) ||
+ version == 1 && isHttpSeparator(c)) {
 return true;
 }
 }
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java Fri Oct 3 08:41:04 2014
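Review bot: In the `@@ -431` hunk the new condition in needsQuotes() can return true only when `version` is exactly 0 or 1, so for any other version number no character ever triggers quoting. If a cookie can reach this code with another version (the `@@ -300` hunk only rewrites 0 to 1, and any validation of the version is outside what is shown), a value containing `;` or `,` would be written to the header unquoted and a client could read the remainder as extra attributes. Treating every non-zero version as v1 closes that gap, and explicit parentheses remove the reliance on `&&`/`||` precedence: `if ((version == 0 && !allowedWithoutQuotes.get(c)) ||` followed by `(version != 0 && isHttpSeparator(c))) {`. needsQuotes() begins in the `@@ -412` hunk and its loop continues outside this one.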
@@ -140,16 +140,14 @@ public class TestCookieProcessorGenerati
 public void v1ValueContainsEquals() {
 Cookie cookie = new Cookie("foo", "a=b");
 cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a=b\"; Version=1", "foo=a=b");
- doTestAllowSeparators(cookie, "foo=a=b; Version=1", "foo=a=b");
+ doTest(cookie, "foo=\"a=b\"; Version=1", "foo=a=b");
 }
 @Test
 public void v1ValueContainsQuote() {
 Cookie cookie = new Cookie("foo", "a\"b");
 cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\"b\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\"b; Version=1", null);
+ doTest(cookie, "foo=\"a\\\"b\"; Version=1", null);
 }
 @Test
@@ -163,16 +161,14 @@ public class TestCookieProcessorGenerati
 public void v1ValueContainsBackslash() {
 Cookie cookie = new Cookie("foo", "a\\b");
 cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\\b\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\\b; Version=1", null);
+ doTest(cookie, "foo=\"a\\\\b\"; Version=1", null);
 }
 @Test
 public void v1ValueContainsBackslashAndQuote() {
 Cookie cookie = new Cookie("foo", "a\"b\\c");
 cookie.setVersion(1);
- doTestDefaults(cookie, "foo=\"a\\\"b\\\\c\"; Version=1", null);
- doTestAllowSeparators(cookie, "foo=a\"b\\c; Version=1", null);
+ doTest(cookie, "foo=\"a\\\"b\\\\c\"; Version=1", null);
 }
 @Test
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1629141&r1=1629140&r2=1629141&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Oct 3 08:41:04 2014
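Review bot: With the `doTestAllowSeparators(...)` assertions removed from the four v1 tests, nothing visible in these hunks pins the behaviour this commit fixes, namely that a version 1 value is still quoted when the allow-separators option is enabled. `doTest` is defined outside the hunks and may well run that configuration too, but that cannot be confirmed from here. If it does not, keep an explicit assertion with the quoted expectation, for example `doTestAllowSeparators(cookie, "foo=\"a=b\"; Version=1", "foo=a=b");` in `v1ValueContainsEquals()`, so a regression in the version check fails a test.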
@@ -47,6 +47,12 @@ <section name="Tomcat 8.0.15 (markt)"> <subsection name="Catalina"> <changelog> + <fix> + <bug>55984</bug>: Using the allow separators in version 0 cookies option + with the legacy cookie processor should only apply to version 0 cookies. + Version 1 cookies with values that contain separators should not be + affected and should continue to be quoted. (markt) + </fix> <add> <bug>56393</bug>: Add support for RFC6265 cookie parsing and generation. This is currently disabled by default and may be enabled via the