Mercurial > hg > openjdk > icedtea > jdk7 > jdk
changeset 5507:cbb4a165d660
7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name
Reviewed-by: chegar, khazra
author | michaelm |
---|---|
date | Thu, 19 Jul 2012 19:30:34 +0100 |
parents | fc870376e780 |
children | 1318ba62cd1e |
files | src/share/classes/java/net/HttpCookie.java test/java/net/HttpCookie/IllegalCookieNameTest.java |
diffstat | 2 files changed, 75 insertions(+), 27 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/net/HttpCookie.java Thu Jul 19 20:11:20 2012 +0400 +++ b/src/share/classes/java/net/HttpCookie.java Thu Jul 19 19:30:34 2012 +0100 @@ -154,7 +154,7 @@ private HttpCookie(String name, String value, String header) { name = name.trim(); - if (name.length() == 0 || !isToken(name) || isReserved(name)) { + if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') { throw new IllegalArgumentException("Illegal cookie name"); } @@ -909,32 +909,6 @@ /* - * @param name the name to be tested - * @return <tt>true</tt> if the name is reserved by cookie - * specification, <tt>false</tt> if it is not - */ - private static boolean isReserved(String name) { - if (name.equalsIgnoreCase("Comment") - || name.equalsIgnoreCase("CommentURL") // rfc2965 only - || name.equalsIgnoreCase("Discard") // rfc2965 only - || name.equalsIgnoreCase("Domain") - || name.equalsIgnoreCase("Expires") // netscape draft only - || name.equalsIgnoreCase("Max-Age") - || name.equalsIgnoreCase("Path") - || name.equalsIgnoreCase("Port") // rfc2965 only - || name.equalsIgnoreCase("Secure") - || name.equalsIgnoreCase("Version") - || name.equalsIgnoreCase("HttpOnly") - || name.charAt(0) == '$') - { - return true; - } - - return false; - } - - - /* * Parse header string to cookie object. * * @param header header string; should contain only one NAME=VALUE pair
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/net/HttpCookie/IllegalCookieNameTest.java Thu Jul 19 19:30:34 2012 +0100 @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 7183292 + */ +import java.net.*; +import java.util.*; +import java.io.*; +import com.sun.net.httpserver.*; + +public class IllegalCookieNameTest { + public static void main(String[] args) throws IOException { + HttpServer s = null; + try { + InetSocketAddress addr = new InetSocketAddress(0); + s = HttpServer.create(addr, 10); + s.createContext("/", new HHandler()); + s.start(); + String u = "http://127.0.0.1:" + s.getAddress().getPort() + "/"; + CookieHandler.setDefault(new TestCookieHandler()); + URL url = new URL(u); + HttpURLConnection c = (HttpURLConnection) url.openConnection(); + c.getHeaderFields(); + System.out.println ("OK"); + } finally { + s.stop(1); + } + } +} + +class TestCookieHandler extends CookieHandler { + @Override + public Map<String, List<String>> get(URI uri, Map<String, List<String>> requestHeaders) { + return new HashMap<String, List<String>>(); + } + + @Override + public void put(URI uri, Map<String, List<String>> responseHeaders) { + } +} + +class HHandler implements HttpHandler { + public void handle (HttpExchange e) { + try { + Headers h = e.getResponseHeaders(); + h.set ("Set-Cookie", "domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.foo.com"); + e.sendResponseHeaders(200, -1); + e.close(); + } catch (Exception ex) { + System.out.println (ex); + } + } +}