tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1055143 - in /tomcat/trunk: java/org/apache/tomcat/util/http/ test/org/apache/tomcat/util/http/ webapps/docs/config/
Date Tue, 04 Jan 2011 19:20:29 GMT
Author: markt
Date: Tue Jan  4 19:20:28 2011
New Revision: 1055143

URL: http://svn.apache.org/viewvc?rev=1055143&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49000
Make accepting name only cookies configurable, defaulting to disabled.

Added:
    tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java   (with props)
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
    tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
    tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
    tomcat/trunk/webapps/docs/config/systemprops.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Tue Jan  4 19:20:28 2011
@@ -60,6 +60,11 @@ public final class CookieSupport {
     public static final boolean FWD_SLASH_IS_SEPARATOR;
 
     /**
+     * If true, name only cookies will be permitted.
+     */
+    public static final boolean ALLOW_NAME_ONLY;
+
+    /**
      * The list of separators that apply to version 0 cookies. To quote the
      * spec, these are comma, semi-colon and white-space. The HTTP spec
      * definition of linear white space is [CRLF] 1*( SP | HT )
@@ -106,6 +111,11 @@ public final class CookieSupport {
                 Boolean.valueOf(fwdSlashIsSeparator).booleanValue();
         }
         
+        ALLOW_NAME_ONLY = Boolean.valueOf(System.getProperty(
+                "org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY",
+                "false")).booleanValue();
+        
+
         /*
         Excluding the '/' char by default violates the RFC, but 
         it looks like a lot of people put '/'

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java Tue Jan  4 19:20:28 2011
@@ -422,6 +422,11 @@ public final class Cookies { // extends 
                 log.info("Cookies: Unknown Special Cookie");
 
             } else { // Normal Cookie
+                if (valueStart == -1 && !CookieSupport.ALLOW_NAME_ONLY) {
+                    // Skip name only cookies if not supported
+                    continue;
+                }
+
                 sc = addCookie();
                 sc.setVersion( version );
                 sc.getName().setBytes( bytes, nameStart,

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Jan  4 19:20:28 2011
@@ -102,12 +102,12 @@ public class TestCookies extends TestCas
 
     public void testNameOnlyCookies() throws Exception {
         // Bug 49000
-        test("fred=1; jim=2; bob", "fred", "1", "jim", "2", "bob", "");
-        test("fred=1; jim=2; bob; george=3", "fred", "1", "jim", "2", "bob", "",
+        test("fred=1; jim=2; bob", "fred", "1", "jim", "2");
+        test("fred=1; jim=2; bob; george=3", "fred", "1", "jim", "2",
                 "george", "3");
         test("fred=1; jim=2; bob=; george=3", "fred", "1", "jim", "2",
-                "bob", "", "george", "3");
-        test("fred=1; jim=2; bob=", "fred", "1", "jim", "2", "bob", "");
+                "george", "3");
+        test("fred=1; jim=2; bob=", "fred", "1", "jim", "2");
     }
 
 

Added: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java?rev=1055143&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java (added)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java Tue Jan  4
19:20:28 2011
@@ -0,0 +1,103 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.startup.SimpleHttpClient;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
+
+public class TestCookiesAllowNameOnly extends TomcatBaseTest{
+
+    private static final String COOKIE_WITH_NAME_ONLY_1 = "bob";
+    private static final String COOKIE_WITH_NAME_ONLY_2 = "bob=";
+    
+    public void testWithEquals() throws Exception {
+        System.setProperty(
+                "org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY",
+                "true");
+
+        TestCookieNameOnlyClient client = new TestCookieNameOnlyClient();
+        client.doRequest();
+    }
+    
+    private class TestCookieNameOnlyClient extends SimpleHttpClient {
+
+
+        private void doRequest() throws Exception {
+            Tomcat tomcat = getTomcatInstance();
+            Context root = tomcat.addContext("", TEMP_DIR);
+            Tomcat.addServlet(root, "Simple", new SimpleServlet());
+            root.addServletMapping("/test", "Simple");
+            
+            tomcat.start();
+            // Open connection
+            setPort(tomcat.getConnector().getPort());
+            connect();
+            
+            String[] request = new String[1];
+            request[0] =
+                "GET /test HTTP/1.0" + CRLF +
+                "Cookie: " + COOKIE_WITH_NAME_ONLY_1 + CRLF +
+                "Cookie: " + COOKIE_WITH_NAME_ONLY_2 + CRLF + CRLF;
+            setRequest(request);
+            processRequest(true); // blocks until response has been read
+            String response = getResponseBody();
+            
+            // Close the connection
+            disconnect();
+            reset();
+            tomcat.stop();
+            // Need the extra equals since cookie 1 is just the name
+            assertEquals(COOKIE_WITH_NAME_ONLY_1 + "=" +
+                    COOKIE_WITH_NAME_ONLY_2, response);
+        }
+        
+        @Override
+        public boolean isResponseBodyOK() {
+            return true;
+        }
+        
+    }
+    
+    
+    private static class SimpleServlet extends HttpServlet {
+
+        private static final long serialVersionUID = 1L;
+
+        @Override
+        protected void service(HttpServletRequest req, HttpServletResponse resp)
+        throws ServletException, IOException {
+            Cookie cookies[] = req.getCookies();
+            for (Cookie cookie : cookies) {
+                resp.getWriter().write(cookie.getName() + "=" +
+                        cookie.getValue());
+            }
+            resp.flushBuffer();
+        }
+        
+    }
+    
+}

Propchange: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowNameOnly.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1055143&r1=1055142&r2=1055143&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Tue Jan  4 19:20:28 2011
@@ -366,8 +366,7 @@
       else the default value will be <code>false</code>.</p>
     </property>
 
-    <property
-    name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
+    <property name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
       <p> If this is true then the requirements of the Servlet specification
       that Cookie names must adhere to RFC2109 (no use of separators) will be
       enforced.</p>
@@ -376,6 +375,14 @@
       else the default value will be <code>false</code>.</p>
     </property>
 
+    <property name="org.apache.tomcat.util.http. ServerCookie.ALLOW_NAME_ONLY">
+      <p> If this is true then the requirements of the cookie specifications
+      that cookies must have values will be enforced and cookies consisting only
+      of a name but no value will be ignored.</p>
+      <p>If not specified, the default specification compliant value of
+      <code>false</code> will be used.</p>
+    </property>
+
   </properties>
 
 </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message