7188517: Check on '$' character is missing in the HttpCookie class constructor

Modified the constructor code so that cookie names are examined for a leading dollar sign and, if one is found, an illegal argument exception is thrown.

Reviewed-by: chegar, khazra, michaelm
John Zavgren 2013-05-31 15:18:15 -04:00 committed by John Zavgren
parent b593542883
commit ae11ef7f7f
2 changed files with 8 additions and 6 deletions


@ -128,8 +128,7 @@ public final class HttpCookie implements Cloneable {
* a {@code String} specifying the value of the cookie * a {@code String} specifying the value of the cookie
* *
* @throws IllegalArgumentException * @throws IllegalArgumentException
* if the cookie name contains illegal characters or it is one of * if the cookie name contains illegal characters
* the tokens reserved for use by the cookie protocol
* @throws NullPointerException * @throws NullPointerException
* if {@code name} is {@code null} * if {@code name} is {@code null}
* *
@ -142,7 +141,7 @@ public final class HttpCookie implements Cloneable {
private HttpCookie(String name, String value, String header) { private HttpCookie(String name, String value, String header) {
name = name.trim(); name = name.trim();
if (name.length() == 0 || !isToken(name)) { if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
throw new IllegalArgumentException("Illegal cookie name"); throw new IllegalArgumentException("Illegal cookie name");
} }
@ -170,9 +169,8 @@ public final class HttpCookie implements Cloneable {
* @return a List of cookie parsed from header line string * @return a List of cookie parsed from header line string
* *
* @throws IllegalArgumentException * @throws IllegalArgumentException
* if header string violates the cookie specification's syntax, or * if header string violates the cookie specification's syntax or
* the cookie name contains illegal characters, or the cookie name * the cookie name contains illegal characters.
* is one of the tokens reserved for use by the cookie protocol
* @throws NullPointerException * @throws NullPointerException
* if the header string is {@code null} * if the header string is {@code null}
*/ */
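Review bot: The `@throws IllegalArgumentException` text in the first and third hunks now mentions only "illegal characters", but the new condition `name.charAt(0) == '$'` in the private constructor rejects a name that otherwise passes `isToken`, so the documented contract no longer matches the check. Names beginning with `$` are reserved by the cookie protocol for its own attributes, and a caller validating names against the Javadoc alone would not expect the rejection. I would word both clauses as `if the cookie name contains illegal characters or begins with '$', which is reserved for use by the cookie protocol`. A one-line comment above the condition, `// names starting with '$' are reserved for protocol attributes`, would also record why the extra test exists. The Javadoc blocks and the constructor body all start or end outside the visible hunks, so this is based on the shown lines only.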


@ -243,6 +243,10 @@ public class TestHttpCookie {
test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"") test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
.n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme"); .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");
// $NAME is reserved; result should be null
test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
.nil();
// a 'full' cookie // a 'full' cookie
test("set-cookie2: Customer=\"WILE_E_COYOTE\"" + test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
";Version=\"1\"" + ";Version=\"1\"" +