Author: markt
Date: Tue Jan 4 19:20:28 2011
New Revision: 1055143
URL: http://svn.apache.org/viewvc?rev=1055143&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49000
Make accepting name only cookies configurable, defaulting to disabled.
Added:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
(with props)
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Tue Jan 4
19:20:28 2011
@@ -60,6 +60,11 @@ public final class CookieSupport {
public static final boolean FWD_SLASH_IS_SEPARATOR;
/**
+ * If true, name only cookies will be permitted.
+ */
+ public static final boolean ALLOW_NAME_ONLY;
+
+ /**
* The list of separators that apply to version 0 cookies. To quote the
* spec, these are comma, semi-colon and white-space. The HTTP spec
* definition of linear white space is [CRLF] 1*( SP | HT )
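Review bot: The Javadoc added for `ALLOW_NAME_ONLY` gives the flag's meaning but leaves out its default, where the value comes from, and that it is fixed when the class is initialised. The second hunk of this file assigns it once from the system property `org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY` with a default of `"false"`, so the comment could add: `Read once at class initialisation from the system property of the same name; defaults to false, in which case cookies without a value are ignored.` The systemprops.xml entry added in this commit also reads the other way round ("If this is true then ... cookies consisting only of a name but no value will be ignored"), which is the opposite of what this field and the guard in Cookies.java do. An operator following that text would enable the relaxed parsing while believing they had tightened it, so the wording there should match this Javadoc.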
@@ -106,6 +111,11 @@ public final class CookieSupport {
Boolean.valueOf(fwdSlashIsSeparator).booleanValue();
}
+ ALLOW_NAME_ONLY = Boolean.valueOf(System.getProperty(
+ "org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY",
+ "false")).booleanValue();
+
+
/*
Excluding the '/' char by default violates the RFC, but
it looks like a lot of people put '/'
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java Tue Jan 4
19:20:28 2011
@@ -422,6 +422,11 @@ public final class Cookies { // extends
log.info("Cookies: Unknown Special Cookie");
} else { // Normal Cookie
+ if (valueStart == -1 && !CookieSupport.ALLOW_NAME_ONLY) {
+ // Skip name only cookies if not supported
+ continue;
+ }
+
sc = addCookie();
sc.setVersion( version );
sc.getName().setBytes( bytes, nameStart,
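Review bot: The comment `// Skip name only cookies if not supported` understates what the `valueStart == -1` guard drops. The TestCookies expectations updated in this commit show `bob=` (an explicit empty value) being discarded as well as bare `bob`, so with the default setting the application apparently never sees a cookie the client sent with an empty value. I would say so in the comment, e.g. `// Skip cookies with no value ("bob" and "bob=") unless ALLOW_NAME_ONLY is set`. The skip is also silent, whereas the branch just above logs `Unknown Special Cookie`; a debug-level message here would make dropped cookies diagnosable when an application reports a missing cookie. The enclosing parse loop starts and ends outside this hunk.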
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Jan 4
19:20:28 2011
@@ -102,12 +102,12 @@ public class TestCookies extends TestCas
public void testNameOnlyCookies() throws Exception {
// Bug 49000
- test("fred=1; jim=2; bob", "fred", "1", "jim", "2", "bob", "");
- test("fred=1; jim=2; bob; george=3", "fred", "1", "jim", "2", "bob",
"",
+ test("fred=1; jim=2; bob", "fred", "1", "jim", "2");
+ test("fred=1; jim=2; bob; george=3", "fred", "1", "jim", "2",
"george", "3");
test("fred=1; jim=2; bob=; george=3", "fred", "1", "jim", "2",
- "bob", "", "george", "3");
- test("fred=1; jim=2; bob=", "fred", "1", "jim", "2", "bob", "");
+ "george", "3");
+ test("fred=1; jim=2; bob=", "fred", "1", "jim", "2");
}
Added:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java?rev=1055143&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
(added)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
Tue Jan 4 19:20:28 2011
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.startup.SimpleHttpClient;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
+
+public class TestCookiesAllowNameOnly extends TomcatBaseTest{
+
+ private static final String COOKIE_WITH_NAME_ONLY_1 = "bob";
+ private static final String COOKIE_WITH_NAME_ONLY_2 = "bob=";
+
+ public void testWithEquals() throws Exception {
+ System.setProperty(
+ "org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY",
+ "true");
+
+ TestCookieNameOnlyClient client = new TestCookieNameOnlyClient();
+ client.doRequest();
+ }
+
+ private class TestCookieNameOnlyClient extends SimpleHttpClient {
+
+
+ private void doRequest() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ Context root = tomcat.addContext("", TEMP_DIR);
+ Tomcat.addServlet(root, "Simple", new SimpleServlet());
+ root.addServletMapping("/test", "Simple");
+
+ tomcat.start();
+ // Open connection
+ setPort(tomcat.getConnector().getPort());
+ connect();
+
+ String[] request = new String[1];
+ request[0] =
+ "GET /test HTTP/1.0" + CRLF +
+ "Cookie: " + COOKIE_WITH_NAME_ONLY_1 + CRLF +
+ "Cookie: " + COOKIE_WITH_NAME_ONLY_2 + CRLF + CRLF;
+ setRequest(request);
+ processRequest(true); // blocks until response has been read
+ String response = getResponseBody();
+
+ // Close the connection
+ disconnect();
+ reset();
+ tomcat.stop();
+ // Need the extra equals since cookie 1 is just the name
+ assertEquals(COOKIE_WITH_NAME_ONLY_1 + "=" +
+ COOKIE_WITH_NAME_ONLY_2, response);
+ }
+
+ @Override
+ public boolean isResponseBodyOK() {
+ return true;
+ }
+
+ }
+
+
+ private static class SimpleServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse
resp)
+ throws ServletException, IOException {
+ Cookie cookies[] = req.getCookies();
+ for (Cookie cookie : cookies) {
+ resp.getWriter().write(cookie.getName() + "=" +
+ cookie.getValue());
+ }
+ resp.flushBuffer();
+ }
+
+ }
+
+}
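Review bot: `testWithEquals` sets the system property inside the test method, but `CookieSupport.ALLOW_NAME_ONLY` is a `static final` assigned in that class's static initialiser, so the enabled path is only exercised if CookieSupport has not already been loaded in this JVM. The property is never cleared either, so it stays set for any test that runs later in the same JVM. I would document the dependency on the method, e.g. `// Must run in a fresh JVM: ALLOW_NAME_ONLY is read once when CookieSupport is loaded`, and clear the property in a `finally` block. Separately, `SimpleServlet.service` iterates `req.getCookies()` without a null check; the servlet API returns null when no cookies are present, so a regression that drops both cookies would likely surface as a NullPointerException in the servlet, not as the `assertEquals` message. A guard such as `if (cookies == null) { return; }` before the loop keeps the failure readable.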
Propchange:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Tue Jan 4 19:20:28 2011
@@ -366,8 +366,7 @@
else the default value will be <code>false</code>.</p>
</property>
- <property
- name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
+ <property name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
<p> If this is true then the requirements of the Servlet specification
that Cookie names must adhere to RFC2109 (no use of separators) will be
enforced.</p>
@@ -376,6 +375,14 @@
else the default value will be <code>false</code>.</p>
</property>
+ <property name="org.apache.tomcat.util.http. ServerCookie.ALLOW_NAME_ONLY">
+ <p> If this is true then the requirements of the cookie specifications
+ that cookies must have values will be enforced and cookies consisting
only
+ of a name but no value will be ignored.</p>
+ <p>If not specified, the default specification compliant value of
+ <code>false</code> will be used.</p>
+ </property>
+
</properties>
</section>