From: fhanik <fhanik@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 19 Mar 2008 03:46:17 +0000 (+0000)
Subject: Only allow version switching on the "value" of the cookie, for the rest, just quote... 
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=077f04dfba8f0927cd53e16471a4848bcf3fcbcb;p=tomcat7.0

Only allow version switching on the "value" of the cookie, for the rest, just quote like we did in the past. this becomes the most backwards compatible with old behavior


git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@638695 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/org/apache/tomcat/util/http/ServerCookie.java b/java/org/apache/tomcat/util/http/ServerCookie.java
index 7919cd7ac..f50592dc1 100644
--- a/java/org/apache/tomcat/util/http/ServerCookie.java
+++ b/java/org/apache/tomcat/util/http/ServerCookie.java
@@ -255,7 +255,7 @@ public class ServerCookie implements Serializable {
         buf.append("=");
         // Servlet implementation does not check anything else
         
-        version = maybeQuote2(version, buf, value);
+        version = maybeQuote2(version, buf, value,true);
 
         // Add version 1 specific information
         if (version == 1) {
@@ -299,10 +299,7 @@ public class ServerCookie implements Serializable {
         // Path=path
         if (path!=null) {
             buf.append ("; Path=");
-            if (version>0)
-                maybeQuote2(version, buf, path); //don't quote the path for v0 cookies
-            else
-                buf.append(path);
+            maybeQuote2(version, buf, path);
         }
 
         // Secure
@@ -340,6 +337,10 @@ public class ServerCookie implements Serializable {
      * @param value
      */
     public static int maybeQuote2 (int version, StringBuffer buf, String value) {
+        return maybeQuote2(version,buf,value,false);
+    }
+
+    public static int maybeQuote2 (int version, StringBuffer buf, String value, boolean allowVersionSwitch) {
         if (value==null || value.length()==0) {
             buf.append("\"\"");
         }else if (containsCTL(value,version)) 
@@ -348,7 +349,7 @@ public class ServerCookie implements Serializable {
             buf.append('"');
             buf.append(escapeDoubleQuotes(value,1,value.length()-1));
             buf.append('"');
-        } else if ((!STRICT_SERVLET_COMPLIANCE) && version==0 && !isToken2(value)) {
+        } else if (allowVersionSwitch && (!STRICT_SERVLET_COMPLIANCE) && version==0 && !isToken2(value)) {
             buf.append('"');
             buf.append(escapeDoubleQuotes(value,0,value.length()));
             buf.append('"');