From f7d6c96bcef43cf4e9b328196129b6be9fe28514 Mon Sep 17 00:00:00 2001 From: jfclere Date: Thu, 5 Jul 2007 08:13:06 +0000 Subject: [PATCH] Escape the " in the cookie value. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@553410 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/tomcat/util/http/ServerCookie.java | 31 ++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/http/ServerCookie.java b/java/org/apache/tomcat/util/http/ServerCookie.java index 26188bc26..1c19a3a13 100644 --- a/java/org/apache/tomcat/util/http/ServerCookie.java +++ b/java/org/apache/tomcat/util/http/ServerCookie.java @@ -130,6 +130,7 @@ public class ServerCookie implements Serializable { // // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t"; private static final String tspecials = ",; "; + private static final String tspecials2 = ",; \""; /* * Tests a string and returns true if the string counts as a @@ -154,6 +155,19 @@ public class ServerCookie implements Serializable { return true; } + public static boolean isToken2(String value) { + if( value==null) return true; + int len = value.length(); + + for (int i = 0; i < len; i++) { + char c = value.charAt(i); + + if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1) + return false; + } + return true; + } + public static boolean checkName( String name ) { if (!isToken(name) || name.equalsIgnoreCase("Comment") // rfc2019 @@ -213,7 +227,7 @@ public class ServerCookie implements Serializable { // this part is the same for all cookies buf.append( name ); buf.append("="); - maybeQuote(version, buf, value); + maybeQuote2(version, buf, value); // XXX Netscape cookie: "; " // add version 1 specific information 
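Review bot: `isToken2` is added as a public method with no Javadoc, and its name does not say how it differs from `isToken`; a short comment would help, e.g. `/** Returns true if value can be sent unquoted: no control characters, nothing at or above 0x7f, and none of the tspecials2 characters (comma, semicolon, space, double quote). A null value counts as a token. */`. Because null counts as a token, `maybeQuote2` passes it straight to `StringBuffer.append`, which writes the literal text `null` into the header; if that is not intended, handle it at the call site. The loop appears to duplicate `isToken` with a different special set (only the tail of `isToken` is visible here), so a shared private helper that takes the specials string would keep the two from drifting apart.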
@@ -283,6 +297,17 @@ public class ServerCookie implements Serializable { buf.append('"'); } } + public static void maybeQuote2 (int version, StringBuffer buf, + String value) { + // special case - a \n or \r shouldn't happen in any case + if (isToken2(value)) { + buf.append(value); + } else { + buf.append('"'); + buf.append(escapeDoubleQuotes(value)); + buf.append('"'); + } + } // log static final int dbg=1; @@ -306,12 +331,14 @@ public class ServerCookie implements Serializable { } StringBuffer b = new StringBuffer(); + char p = s.charAt(0); for (int i = 0; i < s.length(); i++) { char c = s.charAt(i); - if (c == '"') + if (c == '"' && p != '\\') b.append('\\').append('"'); else b.append(c); + p = c; } return b.toString(); -- 2.11.0
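Review bot: The comment in `maybeQuote2` says a \n or \r should not happen, but nothing enforces it: `isToken2` only returns false for control characters, so such a value is wrapped in quotes and appended with the CR/LF intact. If the cookie value can carry request-derived data and the header writer does not filter it (not visible here), the response can end up with extra header lines. Rejecting control characters before the append closes the gap, e.g. `if (value != null && (value.indexOf('\r') != -1 || value.indexOf('\n') != -1)) throw new IllegalArgumentException("Control character in cookie value");`. The `version` parameter is also unused in the new method; if the old `maybeQuote` treated version 0 differently (its body is mostly outside the hunk), that distinction is lost at the call site this commit changes.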
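Review bot: Comparing only against the previous character in `escapeDoubleQuotes` misjudges a quote that follows an escaped backslash: for the input `a\\"` (two backslashes, then a quote) `p` is a backslash, so the quote is left bare and closes the quoted string early in the emitted header. A value ending in a single backslash has the same effect on the closing quote that `maybeQuote2` appends. Tracking whether the current character is itself escaped, rather than looking at `p`, handles both cases; the sketch below leaves already-escaped `\"` pairs untouched, as this commit intends. The function starts and ends outside the hunk, so the guard that makes `s.charAt(0)` safe for an empty string is assumed rather than visible.

```java
// … unchanged: early return and StringBuffer b = new StringBuffer(); …
boolean escaped = false; // true when the previous char was an unescaped backslash
for (int i = 0; i < s.length(); i++) {
    char c = s.charAt(i);
    if (c == '"' && !escaped)
        b.append('\\');
    b.append(c);
    escaped = (c == '\\') && !escaped;
}
if (escaped)
    b.append('\\'); // a trailing lone backslash must not swallow the closing quote
// … unchanged: return b.toString(); …
```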