7188517: Check on '$' character is missing in the HttpCookie class constructor

Summary: Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm Contributed-by: john.zavgren@oracle.com

7188517: Check on '$' character is missing in the HttpCookie class constructor
Summary: Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm Contributed-by: john.zavgren@oracle.com
b6ca7ca6 · jzavgren · 95675113 · b6ca7ca6 · b6ca7ca6
Showing with 8 addition and 6 deletion

src/share/classes/java/net/HttpCookie.java src/share/classes/java/net/HttpCookie.java +4 -6

test/java/net/CookieHandler/TestHttpCookie.java test/java/net/CookieHandler/TestHttpCookie.java +4 -0

未找到文件。
--- a/src/share/classes/java/net/HttpCookie.java
+++ b/src/share/classes/java/net/HttpCookie.java
@@ -128,8 +128,7 @@ public final class HttpCookie implements Cloneable {
     *         a {@code String} specifying the value of the cookie
     *
     * @throws  IllegalArgumentException
-     *          if the cookie name contains illegal characters or it is one of
+     *          if the cookie name contains illegal characters
-     *          the tokens reserved for use by the cookie protocol
     * @throws  NullPointerException
     *          if {@code name} is {@code null}
     *
@@ -142,7 +141,7 @@ public final class HttpCookie implements Cloneable {
    private HttpCookie(String name, String value, String header) {
        name = name.trim();
-        if (name.length() == 0 || !isToken(name)) {
+        if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
            throw new IllegalArgumentException("Illegal cookie name");
        }
@@ -170,9 +169,8 @@ public final class HttpCookie implements Cloneable {
     * @return  a List of cookie parsed from header line string
     *
     * @throws  IllegalArgumentException
-     *          if header string violates the cookie specification's syntax, or
+     *          if header string violates the cookie specification's syntax or
-     *          the cookie name contains illegal characters, or the cookie name
+     *          the cookie name contains illegal characters.
-     *          is one of the tokens reserved for use by the cookie protocol
     * @throws  NullPointerException
     *          if the header string is {@code null}
     */

--- a/test/java/net/CookieHandler/TestHttpCookie.java
+++ b/test/java/net/CookieHandler/TestHttpCookie.java
@@ -243,6 +243,10 @@ public class TestHttpCookie {
        test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
        .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");
+        // $NAME is reserved; result should be null
+        test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
+        .nil();
        // a 'full' cookie
        test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
                ";Version=\"1\"" +