Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: EE-1.8.2.GA_P03
-
Fix Version/s: EE-1.8.2.GA_P05
-
Component/s: Framework
-
Labels:None
-
Environment:ICEfaces
-
Assignee Priority:P2
Description
HTTP headers are set in the following lines of code
ServletExternalContext.java:295
ServletRequestResponse.java:245
ServletRequestResponse.java:249
This header text must be escaped or trimmed to ensure that the resulting header does not corrupt the HTTP response.
Activity
Ted Goddard
created issue -
Ted Goddard
made changes -
Field | Original Value | New Value |
---|---|---|
Salesforce Case | [] |
Arran Mccullough
made changes -
Salesforce Case | [5007000000O8ixC] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #31785 | Fri Oct 26 08:46:13 MDT 2012 | jack.van.ooststroom | Fixed JIRA |
Files Changed | ||||
MODIFY
/icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletRequestResponse.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletExternalContext.java |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #31815 | Mon Oct 29 11:54:00 MDT 2012 | jack.van.ooststroom | Fixed JIRA |
Files Changed | ||||
ADD
/icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/HttpMessageHeaderValueValidator.java
|
Migration
made changes -
Assignee | Jack Van Ooststroom [ jack.van.ooststroom ] | |
Assignee Priority | P2 [ 10011 ] |
Migration
made changes -
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Ken Fyten
made changes -
Status | Resolved [ 5 ] | Closed [ 6 ] |
According to RFC 2616 Section 4.2:
OCTET = <any 8-bit sequence of data>
{" | "}CTL = <any US-ASCII control character
(octets 0 - 31) and DEL (127)>
CR = <US-ASCII CR, carriage return (13)>
LF = <US-ASCII LF, linefeed (10)>
SP = <US-ASCII SP, space (32)>
HT = <US-ASCII HT, horizontal-tab (9)>
CRLF = CR LF
LWS = [CRLF] 1*( SP | HT )
TEXT = <any OCTET except CTLs,
but including LWS>
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "
" | SP | HT
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext = <any TEXT except <">>
quoted-pair = "\" CHAR
field-value = *( field-content | LWS )
field-content = <the OCTETs making up the field-value
and consisting of either *TEXT or combinations
of token, separators, and quoted-string>
(Restricted to faces-core group)