Merge r1693963 from trunk:

Allow cookies set by mod_rewrite to contain ':' by accepting
';' as an alternate separator.  PR47241.

Submitted By: <bugzilla schermesser com>, covener
Committed By: covener

Submitted by: covener
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701409 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index c3b04943f4af68871e92433a4c3cd1a0aad7f686..5755bbdffcac5db04d7509fc3a45e5161345c89b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.17
 
+  *) mod_rewrite:  Allow cookies set by mod_rewrite to contain ':' by accepting
+     ';' as an alternate separator.  PR47241. 
+     [<bugzilla schermesser com>, Eric Covener]
+
   *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with 
      apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
 

diff --git a/STATUS b/STATUS
index a03383bf27c0402de80d1b4a42a3b5516dc94387..930da1f51d370101a797d86f812770b59436ddb7 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -109,12 +109,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_rewrite: Allow cookies to include ':' by using an alternate separator.
-     PR47241.
-     trunk: http://svn.apache.org/r1693963
-     2.4.x: trunk works modulo CHANGES
-     +1: covener, ylavic, jim
-
   *) mod_session_dbd: fix lifetime of Request notes.
      trunk: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1679181&r2=1687087&view=patch
      2.4.x: trunk patch applies.

diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
index 8ecbd5f344196559ba33641dc55375dbb8a32b0f..1fff1e947d54f7bbb504e28f115e399cc8d19005 100644 (file)
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -124,6 +124,15 @@ follows:</p>
 [CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]
 </example>
 
+<p>If a literal ':' character is needed in any of the cookie fields, an 
+alternate syntax is available.  To opt-in to the alternate syntax, the cookie 
+"Name" should be preceded with a ';' character, and field separators should be
+specified as ';'.</p>
+
+<example>
+[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly]
+</example>
+
 <p>You must declare a name, a value, and a domain for the cookie to be set.</p>
 
 <dl>

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 90cff5c583fdd57022b654164203b0b6c614a113..a73263cbad5d9de6d44df5cf59411d463c9bbaca 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2485,10 +2485,18 @@ static void add_cookie(request_rec *r, char *s)
 
     char *tok_cntx;
     char *cookie;
+    /* long-standing default, but can't use ':' in a cookie */
+    const char *sep = ":"; 
 
-    var = apr_strtok(s, ":", &tok_cntx);
-    val = apr_strtok(NULL, ":", &tok_cntx);
-    domain = apr_strtok(NULL, ":", &tok_cntx);
+    /* opt-in to ; separator if first character is a ; */
+    if (s && *s == ';') { 
+        sep = ";"; 
+        s++;
+    }
+
+    var = apr_strtok(s, sep, &tok_cntx);
+    val = apr_strtok(NULL, sep, &tok_cntx);
+    domain = apr_strtok(NULL, sep, &tok_cntx);
 
     if (var && val && domain) {
         request_rec *rmain = r;
@@ -2504,10 +2512,10 @@ static void add_cookie(request_rec *r, char *s)
         if (!data) {
             char *exp_time = NULL;
 
-            expires = apr_strtok(NULL, ":", &tok_cntx);
-            path = expires ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
-            secure = path ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
-            httponly = secure ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
+            expires = apr_strtok(NULL, sep, &tok_cntx);
+            path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
+            secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
+            httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
 
             if (expires) {
                 apr_time_exp_t tms;