提交 6e1b5384 编写于 作者: J jccollet

6901170: HttpCookie parsing of version and max-age mis-handled

Summary: Accept single quotes in cookies and better exception handling in CookieManager
Reviewed-by: chegar
上级 04d52fb8
......@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Collections;
import java.util.Comparator;
import java.io.IOException;
import sun.util.logging.PlatformLogger;
/**
* CookieManager provides a concrete implementation of {@link CookieHandler},
......@@ -263,6 +264,7 @@ public class CookieManager extends CookieHandler
if (cookieJar == null)
return;
PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
for (String headerKey : responseHeaders.keySet()) {
// RFC 2965 3.2.2, key must be 'Set-Cookie2'
// we also accept 'Set-Cookie' here for backward compatibility
......@@ -277,7 +279,16 @@ public class CookieManager extends CookieHandler
for (String headerValue : responseHeaders.get(headerKey)) {
try {
List<HttpCookie> cookies = HttpCookie.parse(headerValue);
List<HttpCookie> cookies;
try {
cookies = HttpCookie.parse(headerValue);
} catch (IllegalArgumentException e) {
// Bogus header, make an empty list and log the error
cookies = java.util.Collections.EMPTY_LIST;
if (logger.isLoggable(PlatformLogger.SEVERE)) {
logger.severe("Invalid cookie for " + uri + ": " + headerValue);
}
}
for (HttpCookie cookie : cookies) {
if (cookie.getPath() == null) {
// If no path is specified, then by default
......
......@@ -1036,7 +1036,7 @@ public final class HttpCookie implements Cloneable {
int version = Integer.parseInt(attrValue);
cookie.setVersion(version);
} catch (NumberFormatException ignored) {
throw new IllegalArgumentException("Illegal cookie version attribute");
// Just ignore bogus version, it will default to 0 or 1
}
}
});
......@@ -1147,12 +1147,15 @@ public final class HttpCookie implements Cloneable {
}
private static String stripOffSurroundingQuote(String str) {
if (str != null && str.length() > 0 &&
if (str != null && str.length() > 2 &&
str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
return str.substring(1, str.length() - 1);
} else {
return str;
}
if (str != null && str.length() > 2 &&
str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
return str.substring(1, str.length() - 1);
}
return str;
}
private static boolean equalsIgnoreCase(String s, String t) {
......
......@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
* @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677
* @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170
* @author Edward Wang
*/
......@@ -335,6 +335,9 @@ public class TestHttpCookie {
// bug 6277801
test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"")
.n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0);
// bug 6901170
test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1);
}
static void misc() {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册