From b6ca7ca6c9e9d2ea4af81073377be205d43bdbb7 Mon Sep 17 00:00:00 2001 From: jzavgren Date: Fri, 31 May 2013 15:18:15 -0400 Subject: [PATCH] 7188517: Check on '$' character is missing in the HttpCookie class constructor Summary: Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm Contributed-by: john.zavgren@oracle.com --- src/share/classes/java/net/HttpCookie.java | 10 ++++------ test/java/net/CookieHandler/TestHttpCookie.java | 4 ++++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/share/classes/java/net/HttpCookie.java b/src/share/classes/java/net/HttpCookie.java index d5a36df50..d265e284c 100644 --- a/src/share/classes/java/net/HttpCookie.java +++ b/src/share/classes/java/net/HttpCookie.java @@ -128,8 +128,7 @@ public final class HttpCookie implements Cloneable { * a {@code String} specifying the value of the cookie * * @throws IllegalArgumentException - * if the cookie name contains illegal characters or it is one of - * the tokens reserved for use by the cookie protocol + * if the cookie name contains illegal characters * @throws NullPointerException * if {@code name} is {@code null} * @@ -142,7 +141,7 @@ public final class HttpCookie implements Cloneable { private HttpCookie(String name, String value, String header) { name = name.trim(); - if (name.length() == 0 || !isToken(name)) { + if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') { throw new IllegalArgumentException("Illegal cookie name"); } @@ -170,9 +169,8 @@ public final class HttpCookie implements Cloneable { * @return a List of cookie parsed from header line string * * @throws IllegalArgumentException - * if header string violates the cookie specification's syntax, or - * the cookie name contains illegal characters, or the cookie name - * is one of the tokens reserved for use by the cookie protocol + * if header string violates the cookie specification's syntax or + * the cookie name contains illegal characters. * @throws NullPointerException * if the header string is {@code null} */ diff --git a/test/java/net/CookieHandler/TestHttpCookie.java b/test/java/net/CookieHandler/TestHttpCookie.java index 1975fef49..55037a070 100644 --- a/test/java/net/CookieHandler/TestHttpCookie.java +++ b/test/java/net/CookieHandler/TestHttpCookie.java @@ -243,6 +243,10 @@ public class TestHttpCookie { test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"") .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme"); + // $NAME is reserved; result should be null + test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"") + .nil(); + // a 'full' cookie test("set-cookie2: Customer=\"WILE_E_COYOTE\"" + ";Version=\"1\"" + -- GitLab