From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <876ffaac0eab47c586d0ad0b96a18ff5@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: [CXF-6479] restricting a custom separator to a single String character Date: Tue, 30 Jun 2015 12:12:10 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 21c1ff481 -> 012dc0d80 [CXF-6479] restricting a custom separator to a single String character Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/012dc0d8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/012dc0d8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/012dc0d8 Branch: refs/heads/3.0.x-fixes Commit: 012dc0d803fb15b0e6e27ddcb1d9f2de7d7d768e Parents: 21c1ff4 Author: Sergey Beryozkin Authored: Tue Jun 30 13:10:16 2015 +0100 Committer: Sergey Beryozkin Committed: Tue Jun 30 13:11:39 2015 +0100 ---------------------------------------------------------------------- .../cxf/jaxrs/impl/CacheControlHeaderProvider.java | 6 +++++- .../org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java | 11 +++++++++-- .../jaxrs/impl/CacheControlHeaderProviderTest.java | 13 +++++++++++++ .../apache/cxf/jaxrs/impl/HttpHeadersImplTest.java | 17 +++++++++++++++++ 4 files changed, 44 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/012dc0d8/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java index e2f3b73..9ccc37d 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java 
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProvider.java @@ -31,6 +31,7 @@ import javax.ws.rs.core.CacheControl; import javax.ws.rs.ext.RuntimeDelegate.HeaderDelegate; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.message.Message; import org.apache.cxf.phase.PhaseInterceptorChain; @@ -227,7 +228,10 @@ public class CacheControlHeaderProvider implements HeaderDelegate if (message != null) { Object sepProperty = message.getContextualProperty(CACHE_CONTROL_SEPARATOR_PROPERTY); if (sepProperty != null) { - separator = sepProperty.toString(); + separator = sepProperty.toString().trim(); + if (separator.length() != 1) { + throw ExceptionUtils.toInternalServerErrorException(null, null); + } } } return separator; http://git-wip-us.apache.org/repos/asf/cxf/blob/012dc0d8/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java index bacad82..d692964 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/HttpHeadersImpl.java @@ -42,6 +42,7 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.jaxrs.utils.HttpUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; 
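Review bot: In the separator hunk of CacheControlHeaderProvider, `separator.length() != 1` limits the size of the configured value but does not make it literal. If the separator is later passed to a regex-based split (the use site is outside this hunk, though the `(e+)+` value in the new test suggests it is), a single character such as `|`, `.` or `*` is still read as a pattern and will either split in the wrong places or fail to compile. Quoting at the point of use, e.g. `Pattern.quote(separator)`, would remove that dependency on the configured value whatever its length. The same applies to `getCookieSeparator` in HttpHeadersImpl. The enclosing method starts and ends outside the hunk.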
@@ -123,8 +124,14 @@ public class HttpHeadersImpl implements HttpHeaders { private String getCookieSeparator() { Object cookiePropValue = message.getContextualProperty(COOKIE_SEPARATOR_PROPERTY); if (cookiePropValue != null) { - return COOKIE_SEPARATOR_CRLF.equals(cookiePropValue.toString()) - ? "\r\n" : cookiePropValue.toString(); + String separator = cookiePropValue.toString().trim(); + if (COOKIE_SEPARATOR_CRLF.equals(separator)) { + return "\r\n"; + } + if (separator.length() != 1) { + throw ExceptionUtils.toInternalServerErrorException(null, null); + } + return separator; } else { return DEFAULT_COOKIE_SEPARATOR; } http://git-wip-us.apache.org/repos/asf/cxf/blob/012dc0d8/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java index da21b76..89966c9 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/CacheControlHeaderProviderTest.java @@ -22,6 +22,7 @@ package org.apache.cxf.jaxrs.impl; import java.util.List; import java.util.Map; +import javax.ws.rs.InternalServerErrorException; import javax.ws.rs.core.CacheControl; import org.apache.cxf.message.Message; 
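Review bot: `ExceptionUtils.toInternalServerErrorException(null, null)` in `getCookieSeparator` rejects a bad value with no cause and no message, so a mis-set `COOKIE_SEPARATOR_PROPERTY` shows up only as an unexplained 500 on each request that reads cookies. Assuming the first argument is the cause, `throw ExceptionUtils.toInternalServerErrorException(new IllegalArgumentException(COOKIE_SEPARATOR_PROPERTY + " must be a single character"), null);`, or a server-side warning logged before the throw, would let an operator trace the failure to the property. `trim()` also turns a whitespace-only separator into an empty string that now fails the length check; if a single space was ever an accepted value, that behaviour change deserves a line in the method comment. The separator hunk in CacheControlHeaderProvider has the same shape.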
@@ -83,6 +84,18 @@ public class CacheControlHeaderProviderTest extends Assert { } + @Test(expected = InternalServerErrorException.class) + public void testInvalidSeparator() { + CacheControlHeaderProvider cp = new CacheControlHeaderProvider() { + protected Message getCurrentMessage() { + Message m = new MessageImpl(); + m.put(CacheControlHeaderProvider.CACHE_CONTROL_SEPARATOR_PROPERTY, "(e+)+"); + return m; + } + }; + cp.fromString("no-store"); + } + @Test public void testToString() { http://git-wip-us.apache.org/repos/asf/cxf/blob/012dc0d8/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java index 491ea95..c072021 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java @@ -28,6 +28,7 @@ import java.util.Locale; import java.util.Map; import java.util.TreeMap; +import javax.ws.rs.InternalServerErrorException; import javax.ws.rs.core.Cookie; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; @@ -420,6 +421,7 @@ public class HttpHeadersImplTest extends Assert { assertEquals(1, cookie.getVersion()); } + @Test public void testGetCookiesWithComma() throws Exception { 
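Review bot: `testInvalidSeparator` exercises only a multi-character value, so the suite does not pin the behaviour at the boundary the new length check draws. It would be worth adding cases for a valid one-character custom separator (parsing still works), an empty or whitespace-only value, and a single regex metacharacter such as `|`, which passes the length check. `testInvalidCookieSeparator` in HttpHeadersImplTest has the same gap. A short comment such as `// a multi-character separator could be an arbitrary pattern and must be rejected` would also record why `(e+)+` was chosen.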
@@ -438,6 +440,21 @@ public class HttpHeadersImplTest extends Assert { assertEquals("d", cookies.get("c").getValue()); } + @Test(expected = InternalServerErrorException.class) + public void testInvalidCookieSeparator() throws Exception { + + Message m = new MessageImpl(); + Exchange ex = new ExchangeImpl(); + ex.setInMessage(m); + ex.put("org.apache.cxf.http.cookie.separator", "(e+)+"); + m.setExchange(ex); + MetadataMap headers = createHeaders(); + headers.putSingle(HttpHeaders.COOKIE, "a=b,c=d"); + m.put(Message.PROTOCOL_HEADERS, headers); + HttpHeaders h = new HttpHeadersImpl(m); + h.getCookies(); + } + @Test public void testMultipleAcceptableLanguages() throws Exception {