From 7768abed1810ac5446a2eb7520f8275ecbb009f8 Mon Sep 17 00:00:00 2001 From: markt Date: Thu, 29 Oct 2009 15:27:58 +0000 Subject: [PATCH] The single quote character ' is not a separator so it is allowed in unquoted values. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@830999 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/tomcat/util/http/Cookies.java | 4 ++-- test/org/apache/tomcat/util/http/TestCookies.java | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/http/Cookies.java b/java/org/apache/tomcat/util/http/Cookies.java index 759c79002..60d52b37f 100644 --- a/java/org/apache/tomcat/util/http/Cookies.java +++ b/java/org/apache/tomcat/util/http/Cookies.java @@ -51,10 +51,10 @@ public final class Cookies { // extends MultiMap { Excluding the '/' char violates the RFC, but it looks like a lot of people put '/' in unquoted values: '/': ; //47 - '\t':9 ' ':32 '\"':34 '\'':39 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60 + '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60 '=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125 */ - public static final char SEPARATORS[] = { '\t', ' ', '\"', '\'', '(', ')', ',', + public static final char SEPARATORS[] = { '\t', ' ', '\"', '(', ')', ',', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' }; protected static final boolean separators[] = new boolean[128]; diff --git a/test/org/apache/tomcat/util/http/TestCookies.java b/test/org/apache/tomcat/util/http/TestCookies.java index 4f8fee05f..e8f1da2a8 100644 --- a/test/org/apache/tomcat/util/http/TestCookies.java +++ b/test/org/apache/tomcat/util/http/TestCookies.java @@ -74,19 +74,19 @@ public class TestCookies extends TestCase { test("$Version=1;foo=\"b\"ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b", "a", "b"); // Incorrectly escaped. test("$Version=1;foo=\"b\\\"ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b\"ar", "a", "b"); // correctly escaped. test("$Version=1;foo=\"b'ar\";$Domain=apache.org;$Port=8080;a=b", "foo", "b'ar", "a", "b"); - // JFC: sure it is "b" and not b'ar ? - test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo", "b", "a", "b"); + // ba'r is OK - ' is not a separator + test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo", "b'ar", "a", "b"); // Ends in quoted value test("foo=bar;a=\"b\"", "foo", "bar", "a", "b"); test("foo=bar;a=\"b\";", "foo", "bar", "a", "b"); // Last character is an escape character - test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo", "b"); - test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\", "foo", "b"); + test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\\"", "foo", "b'ar"); + test("$Version=1;foo=b'ar;$Domain=\"apache.org\";$Port=8080;a=\"b\\", "foo", "b'ar"); - // Bad... a token cannot be quoted with ' chars - test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\""); + // A token cannot be quoted with ' chars - they should be treated as part of the value + test("$Version=\"1\"; foo='bar'; $Path=/path; $Domain=\"localhost\"", "foo", "'bar'"); // wrong, path should not have '/' JVK test("$Version=1;foo=\"bar\";$Path=/examples;a=b; ; ", "foo", "bar", "a", "b"); -- 2.11.0