olegk 2004/01/06 14:10:44 Modified: httpclient/src/java/org/apache/commons/httpclient/cookie CookieSpecBase.java httpclient/src/test/org/apache/commons/httpclient TestCookie.java Log: PR #25264 (Cookie rejected) Fixes the problem that causes rejection of cookies with a domain attribute '.domain.com' issued by host 'domain.com' in the browser compatibility mode. Even though the cookie violates the RFC 2109 it still gets accepted by mainstream browsers (tested with Mozilla Firebird and IE) Contributed by Oleg Kalnichevski Revision Changes Path 1.21 +12 -6 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java Index: CookieSpecBase.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- CookieSpecBase.java 2 Nov 2003 18:18:30 -0000 1.20 +++ CookieSpecBase.java 6 Jan 2004 22:10:44 -0000 1.21 
@@ -428,9 +428,15 @@ // domain must match host if (!host.endsWith(cookie.getDomain())) { - throw new MalformedCookieException( - "Illegal domain attribute \"" + cookie.getDomain() - + "\". Domain of origin: \"" + host + "\""); + String s = cookie.getDomain(); + if (s.startsWith(".")) { + s = s.substring(1, s.length()); + } + if (!host.equals(s)) { + throw new MalformedCookieException( + "Illegal domain attribute \"" + cookie.getDomain() + + "\". Domain of origin: \"" + host + "\""); + } } } else { if (!host.equals(cookie.getDomain())) { 1.27 +28 -4 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java Index: TestCookie.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- TestCookie.java 2 Nov 2003 18:18:30 -0000 1.26 +++ TestCookie.java 6 Jan 2004 22:10:44 -0000 1.27 @@ -1048,5 +1048,29 @@ assertEquals("b,c", cookies[0].getValue()); } + + /** + * Tests if that invalid second domain level cookie gets + * rejected in the strict mode, but gets accepted in the + * browser compatibility mode. + */ + public void testSecondDomainLevelCookie() throws Exception { + Cookie cookie = new Cookie(".sourceforge.net", "name", null, "/", null, false); + cookie.setDomainAttributeSpecified(true); + cookie.setPathAttributeSpecified(true); + + CookieSpec parser = null; + + parser = CookiePolicy.getCookieSpec(CookiePolicy.BROWSER_COMPATIBILITY); + parser.validate("sourceforge.net", 80, "/", false, cookie); + + parser = CookiePolicy.getCookieSpec(CookiePolicy.RFC_2109); + try { + parser.validate("sourceforge.net", 80, "/", false, cookie); + fail("MalformedCookieException should have been thrown"); + } catch (MalformedCookieException e) { + // Expected + } + } }
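Review bot: The fallback added under `if (!host.endsWith(cookie.getDomain()))` relaxes domain validation with no comment explaining why, so a later edit could widen it unnoticed; I would put `// Browser compatibility: accept '.domain.com' set by host 'domain.com' even though RFC 2109 forbids it (PR #25264)` above `String s = cookie.getDomain();`. The relaxation itself is narrow, one leading dot removed and then an exact `host.equals(s)`, which is the right shape for a compatibility exception. The enclosing `endsWith` check is a plain string suffix comparison, so unless code outside this hunk enforces a label boundary, a domain attribute without a leading dot that is only a string suffix of the host name would pass; that is worth confirming while this block is open. `s.substring(1, s.length())` can be written `s.substring(1)`, and the enclosing method starts and ends outside the hunk.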
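Review bot: testSecondDomainLevelCookie exercises only the accepting case for BROWSER_COMPATIBILITY, so nothing pins that the new fallback is an exact match rather than a looser suffix match. I would add a rejecting case in the same mode: the same `.sourceforge.net` cookie validated against a different host whose name merely ends in the same characters should still throw MalformedCookieException. The host name in the sketch below is constructed for illustration.

```java
parser = CookiePolicy.getCookieSpec(CookiePolicy.BROWSER_COMPATIBILITY);
parser.validate("sourceforge.net", 80, "/", false, cookie);
// Constructed host: ends in the same characters but is a different domain,
// so the compatibility exception must not apply.
try {
    parser.validate("notsourceforge.net", 80, "/", false, cookie);
    fail("MalformedCookieException should have been thrown");
} catch (MalformedCookieException e) {
    // Expected
}
// … unchanged: RFC_2109 rejection check …
```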