--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007/07/25 02:14:15 559282 +++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/ServerCookie.java 2007/07/25 02:19:40 559283 @@ -123,6 +123,7 @@ // // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t"; private static final String tspecials = ",;"; + private static final String tspecials2 = ",; \""; /* * Tests a string and returns true if the string counts as a @@ -147,6 +148,20 @@ return true; } + public static boolean isToken2(String value) { + if( value==null) return true; + int len = value.length(); + + for (int i = 0; i < len; i++) { + char c = value.charAt(i); + + if (c < 0x20 || c >= 0x7f || tspecials2.indexOf(c) != -1) + return false; + } + return true; + } + + public static boolean checkName( String name ) { if (!isToken(name) || name.equalsIgnoreCase("Comment") // rfc2019 @@ -206,7 +221,7 @@ // this part is the same for all cookies buf.append( name ); buf.append("="); - maybeQuote(version, buf, value); + maybeQuote2(version, buf, value); // XXX Netscape cookie: "; " // add version 1 specific information @@ -276,16 +291,56 @@ throw new IllegalArgumentException( value ); else { buf.append ('"'); - buf.append (value); + buf.append (escapeDoubleQuotes(value)); buf.append ('"'); } } } + public static void maybeQuote2 (int version, StringBuffer buf, + String value) { + // special case - a \n or \r shouldn't happen in any case + if (isToken2(value)) { + buf.append(value); + } else { + buf.append('"'); + buf.append(escapeDoubleQuotes(value)); + buf.append('"'); + } + } + + // log static final int dbg=1; public static void log(String s ) { System.out.println("ServerCookie: " + s); + } + + /** + * Escapes any double quotes in the given string. + * + * @param s the input string + * + * @return The (possibly) escaped string + */ + private static String escapeDoubleQuotes(String s) { + + if (s == null || s.length() == 0 || s.indexOf('"') == -1) { + return s; + } + + StringBuffer b = new StringBuffer(); + char p = s.charAt(0); + for (int i = 0; i < s.length(); i++) { + char c = s.charAt(i); + if (c == '"' && p != '\\') + b.append('\\').append('"'); + else + b.append(c); + p = c; + } + + return b.toString(); } } --- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 11:23:52.000000000 +0200 +++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/http/Cookies.java 2007-08-24 11:43:55.000000000 +0200 @@ -243,9 +243,11 @@ // quote is valid only in version=1 cookies cc=bytes[pos]; - if( ( version == 1 || isSpecial ) && ( cc== '\'' || cc=='"' ) ) { - startValue++; - endValue=indexOf( bytes, startValue, end, cc ); + if( ( version == 1 || isSpecial ) && ( cc== '"' ) ) { + endValue=findDelim3( bytes, startValue+1, end, cc ); + if (endValue == -1) { + endValue = findDelim2(bytes, startValue+1, end); + } else startValue++; pos=endValue+1; // to skip to next cookie } else { endValue=findDelim2( bytes, startValue, end ); @@ -321,28 +323,26 @@ return off; } - public static int indexOf( byte bytes[], int off, int end, byte qq ) + /* + * search for cc but skip \cc as required by rfc2616 + * (according to rfc2616 cc should be ") + */ + public static int findDelim3( byte bytes[], int off, int end, byte cc ) { - while( off < end ) { - byte b=bytes[off]; - if( b==qq ) - return off; - off++; - } - return off; + while( off < end ) { + byte b=bytes[off]; + if (b=='\\') { + off++; + off++; + continue; + } + if( b==cc ) + return off; + off++; + } + return -1; } - public static int indexOf( byte bytes[], int off, int end, char qq ) - { - while( off < end ) { - byte b=bytes[off]; - if( b==qq ) - return off; - off++; - } - return off; - } - // XXX will be refactored soon! public static boolean equals( String s, byte b[], int start, int end) { int blen = end-start;