Skip to content
Browse files

Support auth cookies with : characters

The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.

COUCHDB-1607
  • Loading branch information...
1 parent 2774531 commit d9566c831d002be16f866f0065a905bc23773cf9 @rnewson rnewson committed Nov 18, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/couchdb/couch_httpd_auth.erl
View
2 src/couchdb/couch_httpd_auth.erl
@@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Cookie ->
[User, TimeStr | HashParts] = try
AuthSession = couch_util:decodeBase64Url(Cookie),
- [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":")
+ [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
catch
_:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,

0 comments on commit d9566c8

Please sign in to comment.
Something went wrong with that request. Please try again.