changeset 17926:1a74b1b8cad1

7188517: Check on '$' character is missing in the HttpCookie class constructor Summary: Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm Contributed-by: john.zavgren@oracle.com
author jzavgren
date Fri, 31 May 2013 15:18:15 -0400
parents e8d88b57f82e
children 717ffe79604d
files jdk/src/share/classes/java/net/HttpCookie.java jdk/test/java/net/CookieHandler/TestHttpCookie.java
diffstat 2 files changed, 8 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/share/classes/java/net/HttpCookie.java	Fri May 31 15:23:26 2013 -0400
+++ b/jdk/src/share/classes/java/net/HttpCookie.java	Fri May 31 15:18:15 2013 -0400
@@ -128,8 +128,7 @@
      *         a {@code String} specifying the value of the cookie
      *
      * @throws  IllegalArgumentException
-     *          if the cookie name contains illegal characters or it is one of
-     *          the tokens reserved for use by the cookie protocol
+     *          if the cookie name contains illegal characters
      * @throws  NullPointerException
      *          if {@code name} is {@code null}
      *
@@ -142,7 +141,7 @@
 
     private HttpCookie(String name, String value, String header) {
         name = name.trim();
-        if (name.length() == 0 || !isToken(name)) {
+        if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
             throw new IllegalArgumentException("Illegal cookie name");
         }
 
@@ -170,9 +169,8 @@
      * @return  a List of cookie parsed from header line string
      *
      * @throws  IllegalArgumentException
-     *          if header string violates the cookie specification's syntax, or
-     *          the cookie name contains illegal characters, or the cookie name
-     *          is one of the tokens reserved for use by the cookie protocol
+     *          if header string violates the cookie specification's syntax or
+     *          the cookie name contains illegal characters.
      * @throws  NullPointerException
      *          if the header string is {@code null}
      */
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java	Fri May 31 15:23:26 2013 -0400
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java	Fri May 31 15:18:15 2013 -0400
@@ -243,6 +243,10 @@
         test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
         .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");
 
+        // $NAME is reserved; result should be null
+        test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
+        .nil();
+
         // a 'full' cookie
         test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
                 ";Version=\"1\"" +