Author: david.lloyd(a)jboss.com
Date: 2008-04-17 23:43:41 -0400 (Thu, 17 Apr 2008)
New Revision: 4003
Modified:
remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
Log:
One last validation rule
Modified:
remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java
===================================================================
---
remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java 2008-04-18
02:17:50 UTC (rev 4002)
+++
remoting3/trunk/http/src/main/java/org/jboss/cx/remoting/http/cookie/SimpleCookieValidator.java 2008-04-18
03:43:41 UTC (rev 4003)
@@ -15,6 +15,9 @@
private static final String DOMAIN_PATTERN_STRING =
"^(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*(?:\\.(?:(?:[a-zA-Z0-9][a-zA-Z0-9]+)(?:-(?:[a-zA-Z0-9][a-zA-Z0-9]+))*)+$";
private static final Pattern DOMAIN_PATTERN =
Pattern.compile(DOMAIN_PATTERN_STRING);
+ private static final String COOKIE_PATTERN_STRING =
"^([^=;,\\p{Space}]*)$";
+ private static final Pattern COOKIE_PATTERN =
Pattern.compile(COOKIE_PATTERN_STRING);
+
private static final Set<String> TLD_SET;
private static final Logger log = Logger.getLogger(SimpleCookieValidator.class);
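Review bot: `COOKIE_PATTERN_STRING` ends its character class with `*`, so the empty string matches and an empty cookie name would pass the name check added in the second hunk. If values may legitimately be empty, the name check needs its own non-empty test, or a separate pattern using `+`. The class excludes only `=`, `;`, `,` and `\p{Space}`, so control characters outside that POSIX whitespace set, and double quotes, are still accepted; confirm that this is intended for data that ends up in an HTTP header. A one-line comment such as `// name/value must not contain '=', ';', ',' or whitespace` above the constant would record the rule being enforced.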
@@ -73,7 +76,15 @@
logReject(cookie, requestDomain, "cookie path is invalid");
return false;
}
- log.trace("Accepting cookie \"%s\" from request domain
\"%s\"", cookie.getName(), requestDomain);
+ final String name = cookie.getName();
+ if (! COOKIE_PATTERN.matcher(name).matches()) {
+ logReject(cookie, requestDomain, "cookie name is invalid");
+ }
+ final String value = cookie.getValue();
+ if (! COOKIE_PATTERN.matcher(value).matches()) {
+ logReject(cookie, requestDomain, "cookie value is invalid");
+ }
+ log.trace("Accepting cookie \"%s\" from request domain
\"%s\"", name, requestDomain);
return true;
}
}
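Review bot: Both new checks call `logReject(...)` and then fall through, so a cookie whose name or value fails `COOKIE_PATTERN` is logged as rejected and still reaches `return true`. Each branch needs `return false;` after its `logReject` call, as the path check just above does. If `cookie.getName()` or `cookie.getValue()` can return null (not visible in this hunk), `COOKIE_PATTERN.matcher(...)` would throw a NullPointerException rather than reject the cookie, so a null guard before matching is worth adding. The method begins outside the hunk.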