On 14/11/2009, ma...@apache.org <ma...@apache.org> wrote:
> Author: markt
>  Date: Sat Nov 14 03:47:48 2009
>  New Revision: 836113
>
>  URL: http://svn.apache.org/viewvc?rev=836113&view=rev
>  Log:
>  More cookie refactoring
>   - new support class for common elements of parsing and writing
>   - better consistency between parsing and writing
>   - remove unused code
>   - reduce visibility of methods where possible
>   - auto-switch to v1 for any attribute that might require quoting
>   - better names for constants
>   - allow v0 cookies to break http spec (disabled by default)
>   - update test cases and documentation
>
>  Added:
>     tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java   (with 
> props)
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowHttpSeps.java   
> (with props)
>  Modified:
>     tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
>     tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
>     tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowEquals.java
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDisallowEquals.java
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
>     
> tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java
>     tomcat/trunk/webapps/docs/config/systemprops.xml
>
>  Added: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
>  URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=836113&view=auto
>  
> ==============================================================================
>  --- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (added)
>  +++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Sat Nov

<snip/>

>  +    public static final boolean FWD_SLASH_IS_SEPARATOR;
>  +
>  +    /**
>  +     * The list of separators that apply to version 0 cookies. To quote the
>  +     * spec, these are comma, semi-colon and white-space. The HTTP spec
>  +     * definition of linear white space is [CRLF] 1*( SP | HT )
>  +     */
>  +    public static final char[] V0_SEPARATORS = {',', ';', ' ', '\t'};
>  +    public static final boolean[] V0_SEPARATOR_FLAGS = new boolean[128];

public arrays are not immutable - entries can be changed accidentally
or maliciously.

As far as I can tell, the arrays could be made private without
breaking any code.

==

It looks like some/all of the booleans could also be made private -
why expose fields unnecessarily?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to