Author: markt Date: Wed May 21 11:58:49 2014 New Revision: 1596546 URL: http://svn.apache.org/r1596546 Log: Apply patch 01 from jboynes to improve cookie handling. Allow attribute names as cookie names. Patch should be safe since it relaxes the current behaviour.
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java tomcat/trunk/test/javax/servlet/http/TestCookie.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 11:58:49 2014
@@ -401,16 +401,7 @@ class CookieNameValidator {
 if (name == null || name.length() == 0) {
 throw new IllegalArgumentException(lStrings.getString("err.cookie_name_blank"));
 }
- if (!isToken(name) ||
- name.equalsIgnoreCase("Comment") ||
- name.equalsIgnoreCase("Discard") ||
- name.equalsIgnoreCase("Domain") ||
- name.equalsIgnoreCase("Expires") ||
- name.equalsIgnoreCase("Max-Age") ||
- name.equalsIgnoreCase("Path") ||
- name.equalsIgnoreCase("Secure") ||
- name.equalsIgnoreCase("Version") ||
- name.startsWith("$")) {
+ if (!isToken(name) || name.startsWith("$")) {
 String errMsg = lStrings.getString("err.cookie_name_is_token");
 throw new IllegalArgumentException(MessageFormat.format(errMsg, name));
 }
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 11:58:49 2014
@@ -19,7 +19,6 @@ package javax.servlet.http;
 import java.util.BitSet;
 import org.junit.Assert;
-import org.junit.Ignore;
 import org.junit.Test;
 /**
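Review bot: With the attribute-name list gone, the check in CookieNameValidator depends entirely on `isToken(name)` and the `$` prefix test, and nothing beside it says why that is enough. I would add a comment above the new condition, for example `// Attribute names (Path, Secure, ...) are accepted: the cookie pair is always first in Set-Cookie, so only non-token characters and the "$" prefix are rejected.` isToken is defined outside this hunk, so confirm it rejects `;`, `=`, `,`, whitespace and control characters; it is now the only barrier against an application-supplied name changing the header structure. Tooling that spots `Secure` or `HttpOnly` by substring in Set-Cookie may misread a cookie that carries one of those names, which seems worth a sentence in the changelog entry. The enclosing method starts above the hunk.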
@@ -87,59 +86,58 @@ public class TestCookie {
 Cookie c = new Cookie("$Version", null);
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void tokenVersion() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Version", null);
+ Cookie cookie = new Cookie("Version", null);
+ Assert.assertEquals("Version", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeVersion() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Comment", null);
+ Cookie cookie = new Cookie("Comment", null);
+ Assert.assertEquals("Comment", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeDiscard() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Discard", null);
+ Cookie cookie = new Cookie("Discard", null);
+ Assert.assertEquals("Discard", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeExpires() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Expires", null);
+ Cookie cookie = new Cookie("Expires", null);
+ Assert.assertEquals("Expires", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeMaxAge() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Max-Age", null);
+ Cookie cookie = new Cookie("Max-Age", null);
+ Assert.assertEquals("Max-Age", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeDomain() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Domain", null);
+ Cookie cookie = new Cookie("Domain", null);
+ Assert.assertEquals("Domain", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributePath() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Path", null);
+ Cookie cookie = new Cookie("Path", null);
+ Assert.assertEquals("Path", cookie.getName());
 }
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeSecure() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("Secure", null);
+ Cookie cookie = new Cookie("Secure", null);
+ Assert.assertEquals("Secure", cookie.getName());
 }
- @Ignore("HttpOnly is not checked for")
- @Test(expected = IllegalArgumentException.class)
+ @Test
 public void attributeHttpOnly() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("HttpOnly", null);
+ Cookie cookie = new Cookie("HttpOnly", null);
+ Assert.assertEquals("HttpOnly", cookie.getName());
 }
 public static void checkCharInName(BitSet allowed) {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596546&r1=1596545&r2=1596546&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 11:58:49 2014
@@ -83,6 +83,12 @@ (Similarity Analyser) tool. Improve handling of Throwable. (markt/kkolinko) </scode> + <fix> + Relax cookie naming restrictions. Cookie attribute names used in the + <code>Set-Cookie</code> header may be used unambiguously as cookie + names. The restriction that prevented such usage has been removed. + (jboynes/markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
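Review bot: `attributeVersion` constructs a cookie named `Comment`, so the method name no longer matches what it checks now that these are positive tests; `public void attributeComment() {` would read correctly, and `tokenVersion` already covers `Version`. The removed validator compared with `equalsIgnoreCase`, while every new assertion uses the canonical spelling only, so one lower-case case such as `new Cookie("path", null)` would pin the relaxed behaviour for all spellings. The `$Version` test at the top of the hunk starts above it.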