[jboss-remoting-commits] JBoss Remoting SVN: r4003 - remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie.
jboss-remoting-commits at lists.jboss.org
jboss-remoting-commits at lists.jboss.org
Thu Apr 17 23:43:41 EDT 2008
Author: david.lloyd at jboss.com
Date: 2008-04-17 23:43:41 -0400 (Thu, 17 Apr 2008)
New Revision: 4003
Modified:
remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
Log:
One last validation rule
Modified: remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
===================================================================
--- remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java 2008-04-18 02:17:50 UTC (rev 4002)
+++ remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java 2008-04-18 03:43:41 UTC (rev 4003)
@@ -15,6 +15,9 @@
private static final String DOMAIN_PATTERN_STRING = "^(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*(?:\\.(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*)+$";
private static final Pattern DOMAIN_PATTERN = Pattern.compile(DOMAIN_PATTERN_STRING);
+ private static final String COOKIE_PATTERN_STRING = "^([^=;,\\p{Space}]*)$";
+ private static final Pattern COOKIE_PATTERN = Pattern.compile(COOKIE_PATTERN_STRING);
+
private static final Set<String> TLD_SET;
private static final Logger log = Logger.getLogger(SimpleCookieValidator.class);
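Review bot: COOKIE_PATTERN_STRING uses `*`, so the empty string matches and a cookie with an empty name would satisfy the name check this commit adds; a separate name pattern with `+`, for example `"[^=;,\\p{Space}]+"`, would rule that out. The character class excludes only `=`, `;`, `,` and whitespace, so double quotes and non-whitespace control characters are still accepted, which may not be intended for a value that ends up in a header. Because the callers use `matches()`, the `^`, `$` and the capturing group are redundant. A short comment naming the cookie grammar the pattern is meant to follow would make the intent checkable.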
@@ -73,7 +76,15 @@
logReject(cookie, requestDomain, "cookie path is invalid");
return false;
}
- log.trace("Accepting cookie \"%s\" from request domain \"%s\"", cookie.getName(), requestDomain);
+ final String name = cookie.getName();
+ if (! COOKIE_PATTERN.matcher(name).matches()) {
+ logReject(cookie, requestDomain, "cookie name is invalid");
+ }
+ final String value = cookie.getValue();
+ if (! COOKIE_PATTERN.matcher(value).matches()) {
+ logReject(cookie, requestDomain, "cookie value is invalid");
+ }
+ log.trace("Accepting cookie \"%s\" from request domain \"%s\"", name, requestDomain);
return true;
}
}
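Review bot: Both new `if` blocks call `logReject(...)` but do not return, so a cookie whose name or value fails COOKIE_PATTERN is logged as rejected and then falls through to the trace line and `return true`. The path check in the context lines just above follows `logReject` with `return false;`, and each new block needs the same `return false;` after its `logReject` call, otherwise the rule is never enforced. Separately, `COOKIE_PATTERN.matcher(name)` throws a NullPointerException on a null argument; whether `getName()` or `getValue()` can return null is not visible here, so a null guard may be needed. The enclosing method starts outside this hunk.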