Author: markt
Date: Wed May 21 11:58:49 2014
New Revision: 1596546
URL: http://svn.apache.org/r1596546
Log:
Apply patch 01 from jboynes to improve cookie handling.
Allow attribute names as cookie names.
Patch should be safe since it relaxes the current behaviour.
Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 11:58:49 2014
@@ -401,16 +401,7 @@ class CookieNameValidator {
if (name == null || name.length() == 0) {
throw new
IllegalArgumentException(lStrings.getString("err.cookie_name_blank"));
}
- if (!isToken(name) ||
- name.equalsIgnoreCase("Comment") ||
- name.equalsIgnoreCase("Discard") ||
- name.equalsIgnoreCase("Domain") ||
- name.equalsIgnoreCase("Expires") ||
- name.equalsIgnoreCase("Max-Age") ||
- name.equalsIgnoreCase("Path") ||
- name.equalsIgnoreCase("Secure") ||
- name.equalsIgnoreCase("Version") ||
- name.startsWith("$")) {
+ if (!isToken(name) || name.startsWith("$")) {
String errMsg = lStrings.getString("err.cookie_name_is_token");
throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
}
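Review bot: The surviving `name.startsWith("$")` test carries no comment saying why it is the one reservation kept after the attribute-name list was dropped, so a later reader cannot tell whether it is deliberate. I would add above the condition `// Names starting with '$' stay reserved: RFC 2109 uses them for request-side attributes ($Version, $Path, $Domain)`. Since names such as `Path`, `Domain` and `Secure` are now accepted, it is also worth confirming that the request-side cookie parser and anything that rewrites cookie headers treat a pair with one of these names as a cookie and not as an attribute; nothing in this hunk shows that. The validating method starts above the hunk and its end is not shown.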
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 11:58:49
2014
@@ -19,7 +19,6 @@ package javax.servlet.http;
import java.util.BitSet;
import org.junit.Assert;
-import org.junit.Ignore;
import org.junit.Test;
/**
@@ -87,59 +86,58 @@ public class TestCookie {
Cookie c = new Cookie("$Version", null);
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void tokenVersion() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Version", null);
+ Cookie cookie = new Cookie("Version", null);
+ Assert.assertEquals("Version", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeVersion() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Comment", null);
+ Cookie cookie = new Cookie("Comment", null);
+ Assert.assertEquals("Comment", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeDiscard() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Discard", null);
+ Cookie cookie = new Cookie("Discard", null);
+ Assert.assertEquals("Discard", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeExpires() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Expires", null);
+ Cookie cookie = new Cookie("Expires", null);
+ Assert.assertEquals("Expires", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeMaxAge() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Max-Age", null);
+ Cookie cookie = new Cookie("Max-Age", null);
+ Assert.assertEquals("Max-Age", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeDomain() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Domain", null);
+ Cookie cookie = new Cookie("Domain", null);
+ Assert.assertEquals("Domain", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributePath() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Path", null);
+ Cookie cookie = new Cookie("Path", null);
+ Assert.assertEquals("Path", cookie.getName());
}
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeSecure() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Secure", null);
+ Cookie cookie = new Cookie("Secure", null);
+ Assert.assertEquals("Secure", cookie.getName());
}
- @Ignore("HttpOnly is not checked for")
- @Test(expected = IllegalArgumentException.class)
+ @Test
public void attributeHttpOnly() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("HttpOnly", null);
+ Cookie cookie = new Cookie("HttpOnly", null);
+ Assert.assertEquals("HttpOnly", cookie.getName());
}
public static void checkCharInName(BitSet allowed) {
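Review bot: `attributeVersion()` constructs a cookie named `Comment`, so the test name does not match what it checks; `attributeComment` would be accurate. The check removed from `Cookie.java` used `equalsIgnoreCase`, yet the rewritten tests only exercise the canonical spelling, so a case variant is never covered; a case such as `Assert.assertEquals("max-age", new Cookie("max-age", null).getName());` would pin that. These tests assert only construction and `getName()`, so whether a cookie named `Secure` or `Path` survives header generation and parsing is not exercised here. The class continues outside the hunk.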
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 11:58:49 2014
@@ -83,6 +83,12 @@
(Similarity Analyser) tool. Improve handling of Throwable.
(markt/kkolinko)
</scode>
+ <fix>
+ Relax cookie naming restrictions. Cookie attribute names used in the
+ <code>Set-Cookie</code> header may be used unambiguously as cookie
+ names. The restriction that prevented such usage has been removed.
+ (jboynes/markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">