Fix RT#31036

diff --git a/Changes b/Changes
index 8f184b9..70fb4eb 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,6 @@
-0.11 2008-XX-XX
+0.11 2008-11-12
     - Changed cache modules used in the tests to not be deprecated.
+    - Fix RT#31036, and comply with RFC2617 Section 1.2.
 
 0.10  2007-04-26
     - switch to Module::Install

diff --git a/lib/Catalyst/Plugin/Authentication/Credential/HTTP.pm b/lib/Catalyst/Plugin/Authentication/Credential/HTTP.pm
index bbd322a..b721f96 100644 (file)
--- a/lib/Catalyst/Plugin/Authentication/Credential/HTTP.pm
+++ b/lib/Catalyst/Plugin/Authentication/Credential/HTTP.pm
@@ -11,7 +11,7 @@ use URI::Escape    ();
 use Catalyst       ();
 use Digest::MD5    ();
 
-our $VERSION = "0.10";
+our $VERSION = "0.11";
 
 sub authenticate_http {
     my ( $c, @args ) = @_;
@@ -247,7 +247,9 @@ sub _build_auth_header_realm {
     my ( $c, $opts ) = @_;    
 
     if ( my $realm = $opts->{realm} ) {
-        return 'realm=' . String::Escape::qprintable($realm);
+       my $realm_name = String::Escape::qprintable($realm); 
+       $realm_name =~ s/"/\\"/g;
+       return 'realm="' . $realm_name . '"';
     } else {
         return;
     }

diff --git a/t/basic.t b/t/basic.t
index e07cb55..25f78fd 100644 (file)
--- a/t/basic.t
+++ b/t/basic.t
@@ -52,4 +52,5 @@ is( $content_type, 'text/plain' );
 is( $body, 'Authorization required.' );
 like( ($res_headers->header('WWW-Authenticate'))[0], qr/^Digest/, "WWW-Authenticate header set: digest");
 like( ($res_headers->header('WWW-Authenticate'))[1], qr/^Basic/, "WWW-Authenticate header set: basic");
-like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm=foo/, "WWW-Authenticate header set: basic with realm");
+like( ($res_headers->header('WWW-Authenticate'))[1], qr/realm="foo"/, "WWW-Authenticate header set: basic with realm");
+