[jboss-remoting-commits] JBoss Remoting SVN: r4003 - remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Thu Apr 17 23:43:41 EDT 2008


Author: david.lloyd at jboss.com
Date: 2008-04-17 23:43:41 -0400 (Thu, 17 Apr 2008)
New Revision: 4003

Modified:
   remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
Log:
One last validation rule

Modified: remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
===================================================================
--- remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java	2008-04-18 02:17:50 UTC (rev 4002)
+++ remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java	2008-04-18 03:43:41 UTC (rev 4003)
@@ -15,6 +15,9 @@
     private static final String DOMAIN_PATTERN_STRING = "^(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*(?:\\.(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*)+$";
     private static final Pattern DOMAIN_PATTERN = Pattern.compile(DOMAIN_PATTERN_STRING);
 
+    private static final String COOKIE_PATTERN_STRING = "^([^=;,\\p{Space}]*)$";
+    private static final Pattern COOKIE_PATTERN = Pattern.compile(COOKIE_PATTERN_STRING);
+
     private static final Set<String> TLD_SET;
 
     private static final Logger log = Logger.getLogger(SimpleCookieValidator.class);
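Review bot: COOKIE_PATTERN ends in `*`, so an empty cookie name matches, and the character class excludes only `=`, `;`, `,` and whitespace, which leaves non-whitespace control characters and double quotes accepted. The second hunk applies this one pattern to both name and value, so once the reject branches take effect, values that contain `=` (base64 padding, for example) would be refused. A separate, stricter pattern for names would avoid both problems, for example `"[^=;,\\p{Space}\\p{Cntrl}]+"`. Since `matches()` already anchors the whole input, the `^`, `$` and capturing group can be dropped. A one-line comment stating which cookie grammar the pattern is meant to follow would also help the next reader.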
@@ -73,7 +76,15 @@
             logReject(cookie, requestDomain, "cookie path is invalid");
             return false;
         }
-        log.trace("Accepting cookie \"%s\" from request domain \"%s\"", cookie.getName(), requestDomain);
+        final String name = cookie.getName();
+        if (! COOKIE_PATTERN.matcher(name).matches()) {
+            logReject(cookie, requestDomain, "cookie name is invalid");
+        }
+        final String value = cookie.getValue();
+        if (! COOKIE_PATTERN.matcher(value).matches()) {
+            logReject(cookie, requestDomain, "cookie value is invalid");
+        }
+        log.trace("Accepting cookie \"%s\" from request domain \"%s\"", name, requestDomain);
         return true;
     }
 }
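Review bot: The two new checks call `logReject(...)` but never return. A cookie whose name or value fails COOKIE_PATTERN is logged as rejected, then falls through to the "Accepting cookie" trace and `return true;`. Each branch needs `return false;` after its `logReject` call, as the path check at the top of this hunk already does. Separately, if `cookie.getName()` or `cookie.getValue()` can return null (not visible here), `COOKIE_PATTERN.matcher(...)` would throw a NullPointerException instead of rejecting, so a null guard before the match may be needed. The enclosing method begins outside the hunk.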



