From: Jim Jagielski Date: Sat, 5 Sep 2015 17:02:41 +0000 (+0000) Subject: Merge r1693963 from trunk: X-Git-Tag: 2.4.17~156 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0902a57b0ab0c7e2a98e41adcbd99817ee0fe4f4;p=thirdparty%2Fapache%2Fhttpd.git Merge r1693963 from trunk: Allow cookies set by mod_rewrite to contain ':' by accepting ';' as an alternate separator. PR47241. Submitted By: , covener Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701409 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c3b04943f4a..5755bbdffca 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.17 + *) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting + ';' as an alternate separator. PR47241. + [, Eric Covener] + *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with apxs -q. PR58202. [Daniel Shahaf ] diff --git a/STATUS b/STATUS index a03383bf27c..930da1f51d3 100644 --- a/STATUS +++ b/STATUS @@ -109,12 +109,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_rewrite: Allow cookies to include ':' by using an alternate separator. - PR47241. - trunk: http://svn.apache.org/r1693963 - 2.4.x: trunk works modulo CHANGES - +1: covener, ylavic, jim - *) mod_session_dbd: fix lifetime of Request notes. trunk: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1679181&r2=1687087&view=patch 2.4.x: trunk patch applies. diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml index 8ecbd5f3441..1fff1e947d5 100644 --- a/docs/manual/rewrite/flags.xml +++ b/docs/manual/rewrite/flags.xml @@ -124,6 +124,15 @@ follows:

[CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly] +

If a literal ':' character is needed in any of the cookie fields, an +alternate syntax is available. To opt-in to the alternate syntax, the cookie +"Name" should be preceded with a ';' character, and field separators should be +specified as ';'.

+ + +[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly] + +

You must declare a name, a value, and a domain for the cookie to be set.

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 90cff5c583f..a73263cbad5 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -2485,10 +2485,18 @@ static void add_cookie(request_rec *r, char *s) char *tok_cntx; char *cookie; + /* long-standing default, but can't use ':' in a cookie */ + const char *sep = ":"; - var = apr_strtok(s, ":", &tok_cntx); - val = apr_strtok(NULL, ":", &tok_cntx); - domain = apr_strtok(NULL, ":", &tok_cntx); + /* opt-in to ; separator if first character is a ; */ + if (s && *s == ';') { + sep = ";"; + s++; + } + + var = apr_strtok(s, sep, &tok_cntx); + val = apr_strtok(NULL, sep, &tok_cntx); + domain = apr_strtok(NULL, sep, &tok_cntx); if (var && val && domain) { request_rec *rmain = r; @@ -2504,10 +2512,10 @@ static void add_cookie(request_rec *r, char *s) if (!data) { char *exp_time = NULL; - expires = apr_strtok(NULL, ":", &tok_cntx); - path = expires ? apr_strtok(NULL, ":", &tok_cntx) : NULL; - secure = path ? apr_strtok(NULL, ":", &tok_cntx) : NULL; - httponly = secure ? apr_strtok(NULL, ":", &tok_cntx) : NULL; + expires = apr_strtok(NULL, sep, &tok_cntx); + path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL; + secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL; + httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL; if (expires) { apr_time_exp_t tms;
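Review bot: the new paragraph in the docs/manual/rewrite/flags.xml hunk does not say from which release the alternate syntax is accepted, nor that once the leading ';' is given, ';' can no longer appear inside any field. The CHANGES entry places this under 2.4.17, so a compatibility sentence to that effect belongs next to the `[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly]` example. Otherwise the same configuration is parsed differently on older servers, where the fields are still split on ':'.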
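Review bot: in the first mod_rewrite.c hunk (@@ -2485,10 +2485,18 @@), the guard in `if (s && *s == ';')` implies that s may be NULL, but the very next statement, `var = apr_strtok(s, sep, &tok_cntx);`, passes s on unguarded. With a NULL first argument apr_strtok resumes from *last, and tok_cntx is declared just above as `char *tok_cntx;` with no initialiser. Either drop the `s &&` test if callers never pass NULL, or return early on NULL before tokenising, so the check and the call agree.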
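Review bot: in the second mod_rewrite.c hunk (@@ -2504,10 +2512,10 @@), the optional fields stay strictly positional (`path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL;` and so on), and apr_strtok skips runs of separator characters, so `;;` does not produce an empty field. With the ';' form now documented, the documentation should state that secure and httponly are only reachable when lifetime and path are both given, since an administrator who writes an empty slot to skip one will have the later values shift into the wrong attribute. A test case covering the ';' form with all seven fields would also help pin this down.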