Author: markt Date: Thu Apr 30 10:04:08 2015 New Revision: 1676943 URL: http://svn.apache.org/r1676943 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57871 Ensure that setting the allowHttpSepsInV0 property of LegacyCookieProcessor to false only prevents HTTP separators from being used without quotes.
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1676943&r1=1676942&r2=1676943&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java Thu Apr 30 10:04:08 2015 @@ -184,7 +184,7 @@ public final class LegacyCookieProcessor if (allowHttpSepsInV0) { allowedWithoutQuotes.set(sep); } else { - allowedWithoutQuotes.clear(); + allowedWithoutQuotes.clear(sep); } } if (getForwardSlashIsSeparator() && !allowHttpSepsInV0) { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org