Author: jfclere
Date: Thu Jul 5 01:13:06 2007
New Revision: 553410
URL: http://svn.apache.org/viewvc?view=rev&rev=553410
Log:
Escape the " in the cookie value.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookie.java?view=diff&rev=553410&r1=553409&r2=553410
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookie.java Thu
Jul 5 01:13:06 2007
@@ -130,6 +130,7 @@
//
// private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
private static final String tspecials = ",; ";
+ private static final String tspecials2 = ",; \"";
/*
* Tests a string and returns true if the string counts as a
@@ -154,6 +155,19 @@
return true;
}
+ public static boolean isToken2(String value) {
+ if( value==null) return true;
+ int len = value.length();
+
+ for (int i = 0; i < len; i++) {
+ char c = value.charAt(i);
+
+ if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1)
+ return false;
+ }
+ return true;
+ }
+
public static boolean checkName( String name ) {
if (!isToken(name)
|| name.equalsIgnoreCase("Comment") // rfc2019
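Review bot: isToken2 returns true for a null value, and maybeQuote2 then calls `buf.append(value)`, which for a null String writes the four characters `null` into the cookie header. If callers can pass null here (not visible in this diff), write an empty value or reject it instead. The method also appears to be a copy of isToken with only the specials string changed, so a shared private helper such as `isToken(String value, String specials)` would keep the two checks from drifting apart. A short Javadoc saying that `tspecials2` is `tspecials` plus the double quote would explain the otherwise opaque name.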
@@ -213,7 +227,7 @@
// this part is the same for all cookies
buf.append( name );
buf.append("=");
- maybeQuote(version, buf, value);
+ maybeQuote2(version, buf, value);
// XXX Netscape cookie: "; "
// add version 1 specific information
@@ -283,6 +297,17 @@
buf.append('"');
}
}
+ public static void maybeQuote2 (int version, StringBuffer buf,
+ String value) {
+ // special case - a \n or \r shouldn't happen in any case
+ if (isToken2(value)) {
+ buf.append(value);
+ } else {
+ buf.append('"');
+ buf.append(escapeDoubleQuotes(value));
+ buf.append('"');
+ }
+ }
// log
static final int dbg=1;
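Review bot: A value containing CR, LF or another control character is still written into the header by maybeQuote2. isToken2 returns false for any character below 0x20, so such a value takes the quoted branch, and escapeDoubleQuotes (as far as the last hunk shows) only rewrites `"`. The comment `a \n or \r shouldn't happen in any case` states an assumption that the code does not enforce. Consider enforcing it before appending, for example `if (value != null && (value.indexOf('\r') != -1 || value.indexOf('\n') != -1)) throw new IllegalArgumentException("Control character in cookie value");`, or document that callers must validate the value. The `version` parameter is unused in the new method, which deserves a comment if it is kept only for signature parity with maybeQuote.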
@@ -306,12 +331,14 @@
}
StringBuffer b = new StringBuffer();
+ char p = s.charAt(0);
for (int i = 0; i < s.length(); i++) {
char c = s.charAt(i);
- if (c == '"')
+ if (c == '"' && p != '\\')
b.append('\\').append('"');
else
b.append(c);
+ p = c;
}
return b.toString();
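Review bot: Looking only at the previous character in escapeDoubleQuotes does not tell whether a `"` is really escaped. In `\\"` the backslash before the quote is itself escaped, so the quote is left bare and ends the quoted string early; a value ending in a single backslash escapes the closing quote that maybeQuote2 appends. Tracking escape state instead of `p` handles both cases and removes `char p = s.charAt(0)`, which would throw on an empty string unless a guard above the hunk (outside this view) already returns. The function starts and ends outside the hunk; if that guard returns early for values without a `"`, the trailing-backslash case needs handling there as well.

```java
// … unchanged: early-return guard and StringBuffer b = new StringBuffer() …
boolean escaped = false; // true when the previous char was an unescaped backslash
for (int i = 0; i < s.length(); i++) {
    char c = s.charAt(i);
    if (c == '"' && !escaped)
        b.append('\\');
    b.append(c);
    escaped = (c == '\\') && !escaped;
}
if (escaped)
    b.append('\\'); // a lone trailing backslash would otherwise escape the closing quote
// … unchanged: return b.toString() …
```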