Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7188517: Check on '$' character is missing in the HttpCookie class constructor
authorjzavgren
Fri, 31 May 2013 15:18:15 -0400
changeset 17926 1a74b1b8cad1
parent 17925 e8d88b57f82e
child 17928 717ffe79604d
7188517: Check on '$' character is missing in the HttpCookie class constructor Summary: Modified the constructor code so that the cookie names are examined for leading dollar signs and if they do, an illegal argument exception is thrown. Reviewed-by: chegar, khazra, michaelm Contributed-by: john.zavgren@oracle.com
jdk/src/share/classes/java/net/HttpCookie.java file | annotate | diff | comparison | revisions
jdk/test/java/net/CookieHandler/TestHttpCookie.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/java/net/HttpCookie.java	Fri May 31 15:23:26 2013 -0400
+++ b/jdk/src/share/classes/java/net/HttpCookie.java	Fri May 31 15:18:15 2013 -0400
@@ -128,8 +128,7 @@
      *         a {@code String} specifying the value of the cookie
      *
      * @throws  IllegalArgumentException
-     *          if the cookie name contains illegal characters or it is one of
-     *          the tokens reserved for use by the cookie protocol
+     *          if the cookie name contains illegal characters
      * @throws  NullPointerException
      *          if {@code name} is {@code null}
      *
@@ -142,7 +141,7 @@
 
     private HttpCookie(String name, String value, String header) {
         name = name.trim();
-        if (name.length() == 0 || !isToken(name)) {
+        if (name.length() == 0 || !isToken(name) || name.charAt(0) == '$') {
             throw new IllegalArgumentException("Illegal cookie name");
         }
 
@@ -170,9 +169,8 @@
      * @return  a List of cookie parsed from header line string
      *
      * @throws  IllegalArgumentException
-     *          if header string violates the cookie specification's syntax, or
-     *          the cookie name contains illegal characters, or the cookie name
-     *          is one of the tokens reserved for use by the cookie protocol
+     *          if header string violates the cookie specification's syntax or
+     *          the cookie name contains illegal characters.
      * @throws  NullPointerException
      *          if the header string is {@code null}
      */
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java	Fri May 31 15:23:26 2013 -0400
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java	Fri May 31 15:18:15 2013 -0400
@@ -243,6 +243,10 @@
         test("set-cookie2: Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
         .n("Customer").v("WILE_E_COYOTE").ver(1).p("/acme");
 
+        // $NAME is reserved; result should be null
+        test("set-cookie2: $Customer = \"WILE_E_COYOTE\"; Version = \"1\"; Path = \"/acme\"")
+        .nil();
+
         // a 'full' cookie
         test("set-cookie2: Customer=\"WILE_E_COYOTE\"" +
                 ";Version=\"1\"" +
jdk-sandbox