Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0E1A0E49C for ; Thu, 6 Dec 2012 21:06:57 +0000 (UTC) Received: (qmail 74438 invoked by uid 500); 6 Dec 2012 21:06:55 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 74293 invoked by uid 500); 6 Dec 2012 21:06:55 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 73667 invoked by uid 99); 6 Dec 2012 21:06:55 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Dec 2012 21:06:55 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id AD3CF81CC0C; Thu, 6 Dec 2012 21:06:54 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jan@apache.org To: commits@couchdb.apache.org X-Mailer: ASF-Git Admin Mailer Subject: [17/27] git commit: Support auth cookies with : characters Message-Id: <20121206210654.AD3CF81CC0C@tyr.zones.apache.org> Date: Thu, 6 Dec 2012 21:06:54 +0000 (UTC) Support auth cookies with : characters The parts of a couchdb authentication cookie are separated by colons. One of these parts can contain colons and, more rarely, runs of colons. The string:tokens function silently drops any empty token, thus giving a spurious failure for valid input. The fix changes this mechanism to one that losslessly decodes this part. COUCHDB-1607 Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/d9566c83 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/d9566c83 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/d9566c83 Branch: refs/heads/1597-update-erlang-oauth-1-3-0 Commit: d9566c831d002be16f866f0065a905bc23773cf9 Parents: 2774531 Author: Robert Newson Authored: Sun Nov 18 19:02:07 2012 +0000 Committer: Robert Newson Committed: Sun Nov 18 19:02:07 2012 +0000 ---------------------------------------------------------------------- src/couchdb/couch_httpd_auth.erl | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/d9566c83/src/couchdb/couch_httpd_auth.erl ---------------------------------------------------------------------- diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 0b4ba8f..5226a56 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> Cookie -> [User, TimeStr | HashParts] = try AuthSession = couch_util:decodeBase64Url(Cookie), - [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":") + [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}]) catch _:_Error -> Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,