Support auth cookies with : characters

The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.

COUCHDB-1607
1 parent 43b76b7, commit 79b54be0fe25f796ac3419b85dd75c466d478755. rnewson committed with benoitc, Nov 18, 2012.
Showing with 1 addition and 1 deletion.
  1. +1 −1 apps/couch_httpd/src/couch_httpd_auth.erl
@@ -162,7 +162,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Cookie ->
[User, TimeStr | HashParts] = try
AuthSession = couch_util:decodeBase64Url(Cookie),
- [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":")
+ [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
catch
_:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,
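
Review bot: On the changed `re:split(?b2l(AuthSession), ":", [{return, list}])` line the split is unbounded, so the hash is still cut into `HashParts` at every colon and only decodes losslessly if the code outside this hunk rejoins those pieces with ":". Adding `{parts, 3}` to the option list would keep everything after the second colon as one element and remove that dependency. Note also that `re:split` keeps empty leading fields, so a cookie whose decoded value starts with ":" now binds `User` to an empty string where `string:tokens` would have shifted the fields; the code after the `catch` should reject an empty `User` or `TimeStr` explicitly. The commit touches only `couch_httpd_auth.erl`, so a regression test with a hash part containing a run of colons would be worth adding alongside it.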
