Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 23C36200AC0 for ; Tue, 10 May 2016 08:17:45 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 221A2160A0F; Tue, 10 May 2016 06:17:45 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6B5161609A8 for ; Tue, 10 May 2016 08:17:44 +0200 (CEST) Received: (qmail 10058 invoked by uid 500); 10 May 2016 06:17:43 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 10048 invoked by uid 99); 10 May 2016 06:17:43 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2016 06:17:43 +0000 Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPS id 317E81A0158 for ; Tue, 10 May 2016 06:17:43 +0000 (UTC) Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33) id 495E26033A; Tue, 10 May 2016 06:17:41 +0000 (UTC) From: bugzilla@apache.org To: dev@tomcat.apache.org Subject: [Bug 59450] New: allowHttpSepsInV0 attribute and forwardSlashIsSeparator attribute don't handle correctly Date: Tue, 10 May 2016 06:17:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 9 X-Bugzilla-Component: Catalina X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: nakamura.kyohei.lab@gmail.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@tomcat.apache.org X-Bugzilla-Target-Milestone: ----- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bz.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 archived-at: Tue, 10 May 2016 06:17:45 -0000 https://bz.apache.org/bugzilla/show_bug.cgi?id=59450 Bug ID: 59450 Summary: allowHttpSepsInV0 attribute and forwardSlashIsSeparator attribute don't handle correctly Product: Tomcat 9 Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: nakamura.kyohei.lab@gmail.com Created attachment 33833 --> https://bz.apache.org/bugzilla/attachment.cgi?id=33833&action=edit patch against trunk When the value of cookie includes slash character ('/') and the cookie version is 0, the org.apache.tomcat.util.http.LegacyCookieProcessor don't handle them correctly. If the allowHttpSepsInV0 attribute set to false and the forwardSlashIsSeparator attribute set to true, the cookie value should be quoted. However, it is not quoted. If the allowHttpSepsInV0 attribute is false and the forwardSlashIsSeparator attribute is true, allowedWithoutQuotes.clear('/') should be called. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org