Fixed bug in decodeHttpAuth() causing colons in a password (and everything afterwards) to be swallowed. Note: RFC 2617 explicitely allows colons in passwords, just not in usernames.

src/helma/framework/RequestTrans.java

@@ -615,7 +615,12 @@ public class RequestTrans implements Serializable {
         }
 
         try {
-            httpPassword = tok.nextToken();
+            StringBuffer buf = new StringBuffer(tok.nextToken());
+            while (tok.hasMoreTokens()) {
+                buf.append(":");
+                buf.append(tok.nextToken());
+            }
+            httpPassword = buf.toString();
         } catch (NoSuchElementException e) {
             httpPassword = null;
         }