Fix incorrect name validation in AbstractHttpData

- Fixes #1228
This commit is contained in:
Trustin Lee 2013-04-23 19:26:50 +09:00
parent 9fe5048175
commit 94aad58627

View File

@ -22,12 +22,16 @@ import io.netty.handler.codec.http.HttpConstants;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.regex.Pattern;
/** /**
* Abstract HttpData implementation * Abstract HttpData implementation
*/ */
public abstract class AbstractHttpData extends AbstractReferenceCounted implements HttpData { public abstract class AbstractHttpData extends AbstractReferenceCounted implements HttpData {
private static final Pattern STRIP_PATTERN = Pattern.compile("(?:^\\s+|\\s+$|\\n)");
private static final Pattern REPLACE_PATTERN = Pattern.compile("[\\r\\t]");
protected final String name; protected final String name;
protected long definedSize; protected long definedSize;
protected long size; protected long size;
@ -38,34 +42,14 @@ public abstract class AbstractHttpData extends AbstractReferenceCounted implemen
if (name == null) { if (name == null) {
throw new NullPointerException("name"); throw new NullPointerException("name");
} }
name = name.trim();
name = REPLACE_PATTERN.matcher(name).replaceAll(" ");
name = STRIP_PATTERN.matcher(name).replaceAll("");
if (name.isEmpty()) { if (name.isEmpty()) {
throw new IllegalArgumentException("empty name"); throw new IllegalArgumentException("empty name");
} }
for (int i = 0; i < name.length(); i ++) {
char c = name.charAt(i);
if (c > 127) {
throw new IllegalArgumentException(
"name contains non-ascii character: " + name);
}
// Check prohibited characters.
switch (c) {
case '=':
case ',':
case ';':
case ' ':
case '\t':
case '\r':
case '\n':
case '\f':
case 0x0b: // Vertical tab
throw new IllegalArgumentException(
"name contains one of the following prohibited characters: " +
"=,; \\t\\r\\n\\v\\f: " + name);
}
}
this.name = name; this.name = name;
if (charset != null) { if (charset != null) {
setCharset(charset); setCharset(charset);