antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 5 Projects Releases 5 Activity Actions

Add checks for cookieDomain validity (bug 219)

Browse source 
http://helma.org/bugs/show_bug.cgi?id=219
This commit is contained in:
hns 2003-02-17 16:02:40 +00:00
parent 8a5e24a574
commit 85401cd71f
1 changed files with 27 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
src/helma/servlet/AbstractServletClient.java
View file

@ -49,6 +49,8 @@ public abstract class AbstractServletClient extends HttpServlet {
uploadLimit = upstr == null ? 1024 : Integer.parseInt (upstr);
// get cookie domain
cookieDomain = init.getInitParameter ("cookieDomain");
if (cookieDomain != null)
cookieDomain = cookieDomain.toLowerCase();
// get default encoding
defaultEncoding = init.getInitParameter ("charset");
debug = ("true".equalsIgnoreCase (init.getInitParameter ("debug")));
@ -73,7 +75,6 @@ public abstract class AbstractServletClient extends HttpServlet {
protected void execute (HttpServletRequest request,
HttpServletResponse response,
byte method) {
Cookie[] cookies = request.getCookies();
RequestTrans reqtrans = new RequestTrans (method);
// get app and path from original request path
@ -120,11 +121,12 @@ public abstract class AbstractServletClient extends HttpServlet {
}
// read cookies
if (cookies != null) {
for (int i=0; i < cookies.length;i++) try {
Cookie[] reqCookies = request.getCookies();
if (reqCookies != null) {
for (int i=0; i < reqCookies.length;i++) try {
// get Cookies
String nextKey = cookies[i].getName ();
String nextPart = cookies[i].getValue ();
String nextKey = reqCookies[i].getName ();
String nextPart = reqCookies[i].getValue ();
if ("HopSession".equals (nextKey))
reqtrans.session = nextPart;
else
@ -157,6 +159,14 @@ public abstract class AbstractServletClient extends HttpServlet {
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
// get the cookie domain to use for this response, if any.
String resCookieDomain = cookieDomain;
if (resCookieDomain != null) {
// check if cookieDomain is valid for this response.
// (note: cookieDomain is guaranteed to be lower case)
if (host != null && host.toLowerCase().indexOf (cookieDomain) == -1)
resCookieDomain = null;
}
// check if we need to create a session id. also handle the
// case that the session id doesn't match the remote host address
if (reqtrans.session == null || !reqtrans.session.startsWith (remotehost)) {
@ -165,8 +175,8 @@ public abstract class AbstractServletClient extends HttpServlet {
System.currentTimeMillis (), 36);
Cookie c = new Cookie("HopSession", reqtrans.session);
c.setPath ("/");
if (cookieDomain != null)
c.setDomain (cookieDomain);
if (resCookieDomain != null)
c.setDomain (resCookieDomain);
response.addCookie(c);
}
@ -183,6 +193,16 @@ public abstract class AbstractServletClient extends HttpServlet {
reqtrans.path = getPathInfo (request);
ResponseTrans restrans = execute (reqtrans);
// set cookies
int ncookies = restrans.countCookies();
if (restrans.countCookies() > 0) {
CookieTrans[] resCookies = restrans.getCookies ();
for (int i = 0; i < resCookies.length; i++) try {
Cookie c = resCookies[i].getCookie ("/", resCookieDomain);
response.addCookie(c);
} catch (Exception ignore) {}
}
// write response
writeResponse (request, response, restrans);
} catch (Exception x) {
@ -210,15 +230,6 @@ public abstract class AbstractServletClient extends HttpServlet {
HttpServletResponse res,
ResponseTrans hopres) {
int ncookies = hopres.countCookies();
if (hopres.countCookies() > 0) {
CookieTrans[] cookies = hopres.getCookies ();
for (int i = 0; i < cookies.length; i++) try {
Cookie c = cookies[i].getCookie ("/", cookieDomain);
res.addCookie(c);
} catch (Exception ignore) {}
}
if (hopres.getETag() != null) {
res.setHeader ("ETag", hopres.getETag());
}