Allow cookies set by mod_rewrite to contain ':' by accepting

';' as an alternate separator.  PR47241.

Submitted By: <bugzilla schermesser com>, covener
Committed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1693963 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9bc6611d0f343ed79e41c000f70ef3e3b5c9eaa9..f49e42b03d7670fc30230d97b0d96cfa14b7b18c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_rewrite:  Allow cookies set by mod_rewrite to contain ':' by accepting
+     ';' as an alternate separator.  PR47241. 
+     [<bugzilla schermesser com>, Eric Covener]
+
   *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with 
      apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
 

diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
index 58eaae5e00d1c09ed53171aa9f67cb48f993fa29..e3685d87ef3b4a24f135f10c653ad7b220328d98 100644 (file)
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -137,6 +137,15 @@ follows:</p>
 [CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]
 </example>
 
+<p>If a literal ':' character is needed in any of the cookie fields, an 
+alternate syntax is available.  To opt-in to the alternate syntax, the cookie 
+"Name" should be preceded with a ';' character, and field separators should be
+specified as ';'.</p>
+
+<example>
+[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly]
+</example>
+
 <p>You must declare a name, a value, and a domain for the cookie to be set.</p>
 
 <dl>

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index a4f5efceec1eea80dd2899c69331a81f3039bba8..3135e5e0c6d7ba21903c4c29d704390a4641d380 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2510,10 +2510,18 @@ static void add_cookie(request_rec *r, char *s)
 
     char *tok_cntx;
     char *cookie;
+    /* long-standing default, but can't use ':' in a cookie */
+    const char *sep = ":"; 
 
-    var = apr_strtok(s, ":", &tok_cntx);
-    val = apr_strtok(NULL, ":", &tok_cntx);
-    domain = apr_strtok(NULL, ":", &tok_cntx);
+    /* opt-in to ; separator if first character is a ; */
+    if (s && *s == ';') { 
+        sep = ";"; 
+        s++;
+    }
+
+    var = apr_strtok(s, sep, &tok_cntx);
+    val = apr_strtok(NULL, sep, &tok_cntx);
+    domain = apr_strtok(NULL, sep, &tok_cntx);
 
     if (var && val && domain) {
         request_rec *rmain = r;
@@ -2529,10 +2537,10 @@ static void add_cookie(request_rec *r, char *s)
         if (!data) {
             char *exp_time = NULL;
 
-            expires = apr_strtok(NULL, ":", &tok_cntx);
-            path = expires ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
-            secure = path ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
-            httponly = secure ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
+            expires = apr_strtok(NULL, sep, &tok_cntx);
+            path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
+            secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
+            httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
 
             if (expires) {
                 apr_time_exp_t tms;