andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Strict cookie name validation

Browse Source
This commit is contained in:
Trustin Lee 2009-02-26 08:35:38 +00:00
parent b71d2d3d7f
commit 9550c0759d
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
View File

@ -21,6 +21,7 @@
*/ */
package org.jboss.netty.handler.codec.http; package org.jboss.netty.handler.codec.http;
/** /**
* @author The Netty Project (netty-dev@lists.jboss.org) * @author The Netty Project (netty-dev@lists.jboss.org)
* @author Andy Taylor (andy.taylor@jboss.org) * @author Andy Taylor (andy.taylor@jboss.org)
@ -42,6 +43,28 @@ public class DefaultCookie implements Cookie {
if (name == null) { if (name == null) {
throw new NullPointerException("name"); throw new NullPointerException("name");
} }
name = name.trim();
if (name.length() == 0) {
throw new IllegalArgumentException("empty name");
}
for (int i = 0; i < name.length(); i ++) {
char c = name.charAt(i);
if (c > 127) {
throw new IllegalArgumentException(
"name contains non-ascii character: " + name);
}
// Check prohibited characters.
switch (c) {
case '=': case ',': case ';': case ' ':
case '\t': case '\r': case '\n': case '\f':
case 0x0b: // Vertical tab
throw new IllegalArgumentException(
"name contains one of the following characters: " +
"=,; \\t\\r\\n\\v\\f: " + name);
}
}
this.name = name; this.name = name;
setValue(value); setValue(value);
} }