From 9b0bf6814816897512e8de39af0fb6089dcae390 Mon Sep 17 00:00:00 2001
From: Trustin Lee <trustin@gmail.com>
Date: Mon, 16 Mar 2009 04:37:13 +0000
Subject: [PATCH] Made sure DefaultCookie doesn't accept reserved names

---
 .../handler/codec/http/DefaultCookie.java     | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java b/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
index ed1c8f4525..4c89e8f647 100644
--- a/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
+++ b/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
@@ -25,6 +25,8 @@ import java.util.Collections;
 import java.util.Set;
 import java.util.TreeSet;
 
+import org.jboss.netty.util.CaseIgnoringComparator;
+
 
 /**
  * @author The Netty Project (netty-dev@lists.jboss.org)
@@ -34,6 +36,21 @@ import java.util.TreeSet;
  */
 public class DefaultCookie implements Cookie {
 
+    private static final Set<String> RESERVED_NAMES = new TreeSet<String>(CaseIgnoringComparator.INSTANCE);
+
+    static {
+        RESERVED_NAMES.add("Domain");
+        RESERVED_NAMES.add("Path");
+        RESERVED_NAMES.add("Comment");
+        RESERVED_NAMES.add("CommentURL");
+        RESERVED_NAMES.add("Discard");
+        RESERVED_NAMES.add("Port");
+        RESERVED_NAMES.add("Max-Age");
+        RESERVED_NAMES.add("Expires");
+        RESERVED_NAMES.add("Version");
+        RESERVED_NAMES.add("Secure");
+    }
+
     private final String name;
     private String value;
     private String domain;
@@ -74,7 +91,10 @@ public class DefaultCookie implements Cookie {
             }
         }
 
-        // FIXME: Refuse known attribute names.
+        if (RESERVED_NAMES.contains(name)) {
+            throw new IllegalArgumentException("reserved name: " + name);
+        }
+
         this.name = name;
         setValue(value);
     }