Author: markt
Date: Wed May 21 12:31:10 2014
New Revision: 1596559
URL: http://svn.apache.org/r1596559
Log:
Apply patch 03 from jboynes to improve cookie handling.
Allow V0 cookies to use names that start with $.
Add a (currently unused) RFC6265 Cookie validator.
Patch should be safe since it relaxes the current behaviour.
Added:
tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java
(with props)
Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/test/javax/servlet/http/TestCookie.java
tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1596559&r1=1596558&r2=1596559&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Wed May 21 12:31:10 2014
@@ -384,7 +384,7 @@ public class Cookie implements Cloneable
class CookieNameValidator {
private static final String LSTRING_FILE =
"javax.servlet.http.LocalStrings";
- private static final ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
+ protected static final ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
protected final BitSet allowed;
@@ -401,7 +401,7 @@ class CookieNameValidator {
if (name == null || name.length() == 0) {
throw new
IllegalArgumentException(lStrings.getString("err.cookie_name_blank"));
}
- if (!isToken(name) || name.startsWith("$")) {
+ if (!isToken(name)) {
String errMsg = lStrings.getString("err.cookie_name_is_token");
throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
}
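Review bot: With `name.startsWith("$")` dropped from the base `validate`, every validator except RFC2109Validator now accepts names such as `$Version`, `$Path` and `$Domain`, which RFC 2109 parsers read as attributes of a cookie rather than as cookies. Which validator is active is decided outside this hunk, and the name appears to be checked only once at construction, so a cookie created under the relaxed rules and later switched to version 1 could presumably still carry a `$` name; that path deserves a test or a re-check at header generation. A comment above the condition would record the intent, e.g. `// '$'-prefixed names are rejected by RFC2109Validator only; V0 and RFC 6265 permit them`. The body of `validate` starts before this hunk and continues after it.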
@@ -428,10 +428,10 @@ class NetscapeValidator extends CookieNa
}
}
-class RFC2109Validator extends CookieNameValidator {
+class RFC6265Validator extends CookieNameValidator {
private static final String RFC2616_SEPARATORS = "()<>@,;:\\\"/[]?={} \t";
- RFC2109Validator() {
+ RFC6265Validator() {
super(RFC2616_SEPARATORS);
// special treatment to allow for FWD_SLASH_IS_SEPARATOR property
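Review bot: The class now named RFC6265Validator keeps the `FWD_SLASH_IS_SEPARATOR` special case mentioned in the comment on the last line of this hunk, so depending on that property it may accept `/` in a name, which the RFC 6265 cookie-name grammar (an RFC 2616 token) does not allow. The constructor body continues outside the hunk, so this is inferred from the comment alone. If the leniency is intended for compatibility, a class-level comment saying that this validator deliberately deviates from RFC 6265 for `/` would keep it from being mistaken for a strict implementation once it is put to use.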
@@ -447,3 +447,17 @@ class RFC2109Validator extends CookieNam
}
}
}
+
+class RFC2109Validator extends RFC6265Validator {
+ RFC2109Validator() {
+ }
+
+ @Override
+ void validate(String name) {
+ super.validate(name);
+ if (name.charAt(0) == '$') {
+ String errMsg = lStrings.getString("err.cookie_name_is_token");
+ throw new IllegalArgumentException(MessageFormat.format(errMsg,
name));
+ }
+ }
+}
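Review bot: The new `RFC2109Validator.validate` rejects a reserved `$` name with `err.cookie_name_is_token`, a key that suggests a token-syntax failure even though the name has just passed `isToken` in `super.validate`; a dedicated message key (placeholder: `err.cookie_name_reserved`) would make the rejection diagnosable. `name.charAt(0)` is safe only because `super.validate` throws on null and empty names first, which is worth a one-line comment: `// super.validate() has already rejected null and empty names`. The empty constructor `RFC2109Validator() { }` adds nothing over the implicit default and can be dropped.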
Modified: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1596559&r1=1596558&r2=1596559&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Wed May 21 12:31:10
2014
@@ -66,11 +66,11 @@ public class TestCookie {
Assert.assertEquals(0, cookie.getVersion());
}
-
- @Test(expected = IllegalArgumentException.class)
- public void leadingDollar() {
- @SuppressWarnings("unused")
- Cookie c = new Cookie("$Version", null);
+ @Test()
+ public void defaultImpliesNetscape() {
+ // $Foo is allowed by Netscape but not by RFC2109
+ Cookie cookie = new Cookie("$Foo", null);
+ Assert.assertEquals("$Foo", cookie.getName());
}
@Test
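Review bot: `defaultImpliesNetscape` holds only while no strict-naming or strict-compliance system property is set in the test JVM, and nothing in the test pins that state. TestCookieRFC6265Validator in this same commit sets a JVM-wide property in a static initializer, so test ordering could presumably start to matter. State the precondition in the existing comment, e.g. `// assumes no strict-naming system property is set, so the Netscape validator is the default`. `@Test()` with empty parentheses should be plain `@Test` to match the neighbouring tests.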
Modified: tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java?rev=1596559&r1=1596558&r2=1596559&view=diff
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java
(original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieRFC2109Validator.java Wed
May 21 12:31:10 2014
@@ -32,4 +32,9 @@ public class TestCookieRFC2109Validator
public void actualCharactersAllowedInName() {
TestCookie.checkCharInName(validator, TestCookie.TOKEN);
}
+
+ @Test(expected = IllegalArgumentException.class)
+ public void leadingDollar() {
+ validator.validate("$Version");
+ }
}
Added: tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java?rev=1596559&view=auto
==============================================================================
--- tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java (added)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java Wed
May 21 12:31:10 2014
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.servlet.http;
+
+import org.junit.Test;
+
+/**
+ * Basic tests for Cookie in default configuration.
+ */
+public class TestCookieRFC6265Validator {
+ static {
+
System.setProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
"true");
+ }
+
+ private RFC6265Validator validator = new RFC6265Validator();
+
+ @Test
+ public void actualCharactersAllowedInName() {
+ TestCookie.checkCharInName(validator, TestCookie.TOKEN);
+ }
+
+ @Test()
+ public void leadingDollar() {
+ validator.validate("$Version");
+ }
+}
\ No newline at end of file
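Review bot: The static initializer sets `org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR` for the whole JVM and never restores it, so any cookie test that runs later in the same process inherits the setting; saving and restoring the previous value in class-level setup and teardown, as sketched below, keeps the test isolated. The class Javadoc `Basic tests for Cookie in default configuration.` does not describe this class; `Tests for RFC6265Validator with FWD_SLASH_IS_SEPARATOR=true.` would. `leadingDollar` passes merely by not throwing, so a comment such as `// RFC 6265 does not reserve '$'-prefixed names` would make the intent explicit, and `validator` can be `private final`. The file also lacks a trailing newline.

```java
public class TestCookieRFC6265Validator {
    private static final String SLASH_PROP =
            "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR";
    private static String previousValue;

    @BeforeClass
    public static void setSlashProperty() {
        // System.setProperty returns the old value, or null if it was unset
        previousValue = System.setProperty(SLASH_PROP, "true");
    }

    @AfterClass
    public static void restoreSlashProperty() {
        if (previousValue == null) {
            System.clearProperty(SLASH_PROP);
        } else {
            System.setProperty(SLASH_PROP, previousValue);
        }
    }

    // … unchanged: validator field, actualCharactersAllowedInName, leadingDollar …
```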
Propchange: tomcat/trunk/test/javax/servlet/http/TestCookieRFC6265Validator.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1596559&r1=1596558&r2=1596559&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed May 21 12:31:10 2014
@@ -89,6 +89,11 @@
names. The restriction that prevented such usage has been removed.
(jboynes/markt)
</fix>
+ <fix>
+ Further relax cookie naming restrictions. Version 0 (a.k.a Netscape
+ format) cookies may now use names that start with the <code>$</code>
+ character. (jboynes/markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">