author | Robert Newson <rnewson@apache.org> | 2012-11-18 19:02:07 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2012-11-18 19:02:07 +0000 |
commit | d9566c831d002be16f866f0065a905bc23773cf9 (patch) | |
tree | f86ef19fc31da61fa61e48b50c0d3969f5c86bde | |
parent | 2774531ff2946c0155dc6cb2af153e6378c41963 (diff) | |
download | couchdb-d9566c831d002be16f866f0065a905bc23773cf9.tar.gz |
Support auth cookies with : characters
The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.
COUCHDB-1607
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 0b4ba8f86..5226a56a6 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> Cookie -> [User, TimeStr | HashParts] = try AuthSession = couch_util:decodeBase64Url(Cookie), - [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":") + [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}]) catch _:_Error -> Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>, |
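Review bot: the new `re:split(?b2l(AuthSession), ":", [{return, list}])` line keeps empty fields in every position, not only in the hash part, so a decoded value with an empty first or second field now matches `[_A, _B | _Cs]` and binds an empty `User` or `TimeStr`. With `string:tokens` those empty fields were dropped and the remaining tokens shifted left. Please confirm that the code after the `try` rejects an empty `User` and a non-numeric `TimeStr` before the hash comparison. Alternatively, make the match stricter here, for example `[[_|_], [_|_] | _Cs]`, so those inputs reach the existing "Malformed AuthSession cookie" branch. The diffstat shows only `couch_httpd_auth.erl` changed, so a regression test for a cookie whose hash part contains a run of colons (the COUCHDB-1607 case) would be worth adding with this fix. A short comment on the line saying that empty tokens must be preserved would also help keep a later cleanup from switching back to `string:tokens`.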