From: fhanik
Date: Thu, 14 Feb 2008 13:59:00 +0000 (+0000)
Subject: Add STRICT compliance flag to impact cookie value handling to provide backwards compa...
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=31365f71d2529655d1b80beda3ede1ddfae20e22;p=tomcat7.0
Add STRICT compliance flag to impact cookie value handling to provide backwards compatibility Add STRICT complanice flag to impact ServletContext.getResource(AsStream) to be backwards compatible
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@627743 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java
index 6bcd9e4d2..43708d762 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -52,6 +52,7 @@ import org.apache.naming.resources.Resource; import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.http.mapper.MappingData; +import org.apache.catalina.Globals; /**
@@ -453,9 +454,12 @@ public class ApplicationContext public URL getResource(String path) throws MalformedURLException { - if (path == null || !path.startsWith("/")) { + if (path == null) throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path)); - } + + if (!path.startsWith("/") && Globals.STRICT_SERVLET_COMPLIANCE) + throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path)); + path = normalize(path); if (path == null)
@@ -507,9 +511,12 @@ public class ApplicationContext public InputStream getResourceAsStream(String path) { path = normalize(path); - if (path == null || !path.startsWith("/")) + if (path == null) return (null); + if (!path.startsWith("/") && Globals.STRICT_SERVLET_COMPLIANCE) + return null; + DirContext resources = context.getResources(); if (resources != null) { try {
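Review bot: In the `getResource` hunk (@@ -453,9), a path without a leading "/" is no longer rejected unless `Globals.STRICT_SERVLET_COMPLIANCE` is set, so in the default mode relative input, including one that starts with `../`, reaches `normalize(path)` unprefixed. `normalize()` is not in the hunk, so it cannot be confirmed here that it resolves dot segments when the leading slash is missing; if it does not, this method no longer enforces the context-root boundary. Prefixing in the relaxed branch before normalising, `if (!path.startsWith("/")) path = "/" + path;`, would keep one canonical form for the lookup. The `getResourceAsStream` hunk (@@ -507,9) has the same gap, with the check placed after `normalize(path)`. Both method bodies continue outside the hunks.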
diff --git a/java/org/apache/tomcat/util/http/ServerCookie.java b/java/org/apache/tomcat/util/http/ServerCookie.java
index 9352e93d7..75697b864 100644
--- a/java/org/apache/tomcat/util/http/ServerCookie.java
+++ b/java/org/apache/tomcat/util/http/ServerCookie.java
@@ -51,6 +51,8 @@ public class ServerCookie implements Serializable { private int maxAge = -1; private int version = 0; + protected static boolean switchToV1Cookies = !Boolean.valueOf(System.getProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "false")).booleanValue(); + // Note: Servlet Spec =< 2.5 only refers to Netscape and RFC2109, // not RFC2965
@@ -248,7 +250,7 @@ public class ServerCookie implements Serializable { buf.append("="); // Servlet implementation does not check anything else - maybeQuote2(version, buf, value); + version = maybeQuote2(version, buf, value); // Add version 1 specific information if (version == 1) {
@@ -329,7 +331,7 @@ public class ServerCookie implements Serializable { * @param buf * @param value */ - public static void maybeQuote2 (int version, StringBuffer buf, String value) { + public static int maybeQuote2 (int version, StringBuffer buf, String value) { if (value==null || value.length()==0) { buf.append("\"\""); }else if (containsCTL(value,version))
@@ -338,6 +340,11 @@ public class ServerCookie implements Serializable { buf.append('"'); buf.append(escapeDoubleQuotes(value,1,value.length()-1)); buf.append('"'); + } else if (switchToV1Cookies && version==0 && !isToken2(value)) { + buf.append('"'); + buf.append(escapeDoubleQuotes(value,0,value.length())); + buf.append('"'); + version = 1; } else if (version==0 && !isToken(value)) { buf.append('"'); buf.append(escapeDoubleQuotes(value,0,value.length()));
@@ -349,6 +356,7 @@ public class ServerCookie implements Serializable { }else { buf.append(value); } + return version; }
diff --git a/webapps/docs/config/systemprops.xml b/webapps/docs/config/systemprops.xml
index a841f7145..3eea6ffe5 100644
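Review bot: `switchToV1Cookies` in the @@ -51,6 hunk is `protected static` but not `final`, so a subclass or any class in the package can change cookie quoting for every cookie in the JVM after start-up; as it is read from the system property once at class initialisation, `protected static final boolean` matches the intent. `Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE")` gives the same result as the `Boolean.valueOf(System.getProperty(..., "false")).booleanValue()` chain. The field also needs a comment, for example `// true unless STRICT_SERVLET_COMPLIANCE is set: v0 values that fail isToken2 are quoted and sent as v1`.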
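Review bot: The @@ -329,7 hunk changes `maybeQuote2` from `void` to `int` on a `public static` method, which changes its descriptor; code compiled against the old signature would fail to link until rebuilt (no outside callers are visible on this page, so the impact is inferred). The Javadoc context above the signature has only bare `@param buf` / `@param value` tags and should gain `@return the cookie version after quoting; 1 when a version 0 value was switched to version 1`. The method body continues past the hunk.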
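Review bot: The added `switchToV1Cookies && version==0 && !isToken2(value)` branch in the @@ -338,6 hunk repeats the quote/`escapeDoubleQuotes(value,0,value.length())` sequence of the `!isToken(value)` branch directly below and differs only in `version = 1;`, while nothing visible explains how `isToken2` differs from `isToken` or why it must be tested first. A comment on the branch such as `// non-strict: value is not a valid v0 token, quote it and report the cookie as v1` would document that. Reassigning the `version` parameter also obscures that the returned value can differ from the argument; a local (`int effectiveVersion = version;`) returned at the end would read more clearly.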
--- a/webapps/docs/config/systemprops.xml
+++ b/webapps/docs/config/systemprops.xml
@@ -34,6 +34,7 @@ +
@@ -195,6 +196,15 @@ session's last accessed time to be updated regardless of whether or not the request explicity accesses the session. (SRV.7.6) +
  • + cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters. +
    If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and + the value will be quoted. +
  • +
  • + ServletContext.getResource/getResourceAsStream must start with "/"
    + if set to false, code like getResource("myfolder/myresource.txt") will work +