olegk 2003/01/28 14:09:52
Modified: httpclient/src/java/org/apache/commons/httpclient/cookie
CookieSpecBase.java RFC2109Spec.java
httpclient/src/test/org/apache/commons/httpclient
TestCookie.java
Log:
PR: 16497, 16505
Submitted by: Oleg Kalnichevski
Fixes the following bugs:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16497
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16505
Revision Changes Path
1.10 +10 -3
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java
Index: CookieSpecBase.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- CookieSpecBase.java 28 Jan 2003 04:40:23 -0000 1.9
+++ CookieSpecBase.java 28 Jan 2003 22:09:48 -0000 1.10
@@ -446,6 +446,13 @@
+ "\". Domain of origin: \"" + host + "\"");
}
}
+ else {
+ if (!host.equals(cookie.getDomain())) {
+ throw new MalformedCookieException(
+ "Illegal domain attribute \"" + cookie.getDomain()
+ + "\". Domain of origin: \"" + host + "\"");
+ }
+ }
// another security check... we musn't allow the server to give us a
// cookie that doesn't match this path
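Review bot: The new else-branch compares the host of origin with the domain attribute using case-sensitive `String.equals`, but host names are case-insensitive, so unless both values were lower-cased earlier in validate (not visible in this hunk) a cookie from host `Host` carrying `domain=host` is rejected. Consider `if (!host.equalsIgnoreCase(cookie.getDomain())) {` or normalizing both sides first, as the RFC2109Spec change in this commit does for the host. A one-line comment on the branch would also help the next reader: `// host without a dot (e.g. a local name): the domain attribute must name that host exactly`. The enclosing validate method begins and ends outside the hunk.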
1.9 +26 -20
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/RFC2109Spec.java
Index: RFC2109Spec.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/RFC2109Spec.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- RFC2109Spec.java 28 Jan 2003 04:40:23 -0000 1.8
+++ RFC2109Spec.java 28 Jan 2003 22:09:48 -0000 1.9
@@ -167,17 +167,22 @@
if (dotIndex < 0 || dotIndex == cookie.getDomain().length() - 1) {
throw new MalformedCookieException("Domain attribute \""
+ cookie.getDomain()
- + "\" violates RFC 2109: domain must contain an "
- + "embedded dot");
+ + "\" violates RFC 2109: domain must contain an embedded dot");
}
- // host minus domain may not contain any dots
- if (host.substring(0,
- host.length()
- - cookie.getDomain().length()).indexOf('.') != -1) {
- throw new MalformedCookieException("Domain attribute \""
- + cookie.getDomain()
- + "\" violates RFC 2109: host minus domain may not "
- + "contain any dots");
+ host = host.toLowerCase();
+ if (host.indexOf('.') >= 0) {
+ if (!host.endsWith(cookie.getDomain())) {
+ throw new MalformedCookieException(
+ "Illegal domain attribute \"" + cookie.getDomain()
+ + "\". Domain of origin: \"" + host + "\"");
+ }
+ // host minus domain may not contain any dots
+ String hostWithoutDomain = host.substring(0, host.length() -
cookie.getDomain().length());
+ if (hostWithoutDomain.indexOf('.') != -1) {
+ throw new MalformedCookieException("Domain attribute \""
+ + cookie.getDomain()
+ + "\" violates RFC 2109: host minus domain may not contain
any dots");
+ }
}
}
}
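Review bot: The host is normalized with `host = host.toLowerCase();` but `cookie.getDomain()` is used as-is in the `endsWith` check and the length arithmetic, so a domain attribute containing upper-case letters fails the suffix check unless it was already lower-cased at parse time (not visible here); lower-casing the domain into a local, e.g. `String domain = cookie.getDomain().toLowerCase(Locale.ENGLISH);`, and comparing against that keeps both sides consistent. `toLowerCase()` without a locale also follows the JVM default locale, which mangles host names containing `I` under a Turkish locale, so `toLowerCase(Locale.ENGLISH)` is the safer call for the host too. The suffix check plus the no-dots-in-remainder rule relies on the domain attribute starting with a dot; that requirement is presumably enforced earlier in validate, outside the hunk, since without it a host whose name merely ends in the domain string would pass. The enclosing method starts outside the hunk.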
@@ -246,7 +251,13 @@
if (cookie == null) {
throw new IllegalArgumentException("Cookie may not be null");
}
- return formatCookieAsVer(cookie, cookie.getVersion());
+ int ver = cookie.getVersion();
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(formatNameValuePair("$Version",
+ Integer.toString(ver), ver));
+ buffer.append("; ");
+ buffer.append(formatCookieAsVer(cookie, ver));
+ return buffer.toString();
}
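Review bot: `formatCookie` now unconditionally prefixes `$Version`, including `$Version=0` for a Netscape-style cookie (the updated `assertEquals(s2, "$Version=0; name=value; ...")` in TestCookie confirms this), which sends an RFC 2109 attribute back to a server that issued a version-0 cookie and may not understand it. Consider guarding the prefix with `if (ver > 0) { ... }` or, if the behaviour is intended, stating it in the method Javadoc: `Formats the cookie as a Cookie header value, always preceded by a $Version attribute.` If another method in this class builds a multi-cookie header by concatenating `formatCookie` results, `$Version` would now repeat per cookie rather than appear once per header; worth checking, as the method signature and the rest of the class are outside the hunk.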
/**
@@ -286,11 +297,6 @@
*/
public Header formatCookieHeader(Cookie cookie) {
LOG.trace("enter RFC2109Spec.formatCookieHeader(Cookie)");
- StringBuffer buffer = new StringBuffer();
- buffer.append(formatNameValuePair("$Version",
- Integer.toString(cookie.getVersion()), cookie.getVersion()));
- buffer.append("; ");
- buffer.append(formatCookie(cookie));
- return new Header("Cookie", buffer.toString());
+ return new Header("Cookie", formatCookie(cookie));
}
}
1.20 +48 -6
jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java
Index: TestCookie.java
===================================================================
RCS file:
/home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- TestCookie.java 23 Jan 2003 22:48:25 -0000 1.19
+++ TestCookie.java 28 Jan 2003 22:09:51 -0000 1.20
@@ -792,7 +792,48 @@
// Expected
}
}
+
+ /**
+ * Tests if default cookie validator rejects cookies originating from a host
without domain
+ * where domain attribute does not match the host of origin
+ */
+ public void testInvalidDomainWithSimpleHostName() {
+ CookieSpec parser = CookiePolicy.getDefaultSpec();
+ Header setCookie = null;
+ Cookie[] cookies = null;
+ try {
+ setCookie = new Header(
+ "Set-Cookie", "name=\"value\"; version=\"1\"; path=\"/\";
domain=\".mydomain.com\"");
+ cookies = parser.parse("host", 80, "/", false, setCookie );
+ try {
+ parser.validate("host", 80, "/", false, cookies[0]);
+ fail("MalformedCookieException must have thrown");
+ }
+ catch(MalformedCookieException expected) {
+ }
+ }
+ catch(HttpException e) {
+ e.printStackTrace();
+ fail("Unexpected exception: " + e.toString());
+ }
+ try {
+ setCookie = new Header(
+ "Set-Cookie", "name=\"value\"; version=\"1\"; path=\"/\";
domain=\"host1\"");
+ cookies = parser.parse("host2", 80, "/", false, setCookie );
+ try {
+ parser.validate("host2", 80, "/", false, cookies[0]);
+ fail("MalformedCookieException must have thrown");
+ }
+ catch(MalformedCookieException expected) {
+ }
+ }
+ catch(HttpException e) {
+ e.printStackTrace();
+ fail("Unexpected exception: " + e.toString());
+ }
+ }
+
/**
* Makes sure that a cookie matches with a path of the same value.
*/
@@ -817,6 +858,7 @@
}
+
/**
* Tests generic cookie formatting.
*/
@@ -872,14 +914,14 @@
cookies = parser.parse("myhost.mydomain.com", 80, "/", false, setCookie
);
parser.validate("myhost.mydomain.com", 80, "/", false, cookies[0]);
String s1 = parser.formatCookie(cookies[0]);
- assertEquals(s1, "name=\"value\"; $Domain=\".mydomain.com\";
$Path=\"/\"");
+ assertEquals(s1, "$Version=\"1\"; name=\"value\";
$Domain=\".mydomain.com\"; $Path=\"/\"");
setCookie = new Header(
"Set-Cookie", "name=value; path=/; domain=.mydomain.com");
cookies = parser.parse("myhost.mydomain.com", 80, "/", false, setCookie
);
parser.validate("myhost.mydomain.com", 80, "/", false, cookies[0]);
String s2 = parser.formatCookie(cookies[0]);
- assertEquals(s2, "name=value; $Domain=.mydomain.com; $Path=/");
+ assertEquals(s2, "$Version=0; name=value; $Domain=.mydomain.com;
$Path=/");
}
catch(HttpException e) {
e.printStackTrace();
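Review bot: The updated assertions keep the `assertEquals(actual, expected)` argument order (`assertEquals(s1, "$Version=\"1\"; ...")`), so on failure JUnit reports the literal as the actual value and the formatted cookie as the expected one. Swapping to `assertEquals("$Version=\"1\"; name=\"value\"; $Domain=\".mydomain.com\"; $Path=\"/\"", s1);` gives a correct diagnostic; the same applies to the `s2` assertion. The enclosing test method starts before the hunk.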