sjs/http-cookie
1
0
Fork 0
mirror of https://github.com/samsonjs/http-cookie.git synced 2026-03-25 08:55:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

HTTP::Cookie.parse() should not raise an exception if it finds a bad name or value.

Browse source
This commit is contained in:
Akinori MUSHA 2013-09-10 14:48:29 +09:00
parent 9bfbc065cc
commit 391ada20d0
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/http/cookie.rb
View file

@ -281,7 +281,12 @@ class HTTP::Cookie
Scanner.new(set_cookie, logger).scan_set_cookie { |name, value, attrs| Scanner.new(set_cookie, logger).scan_set_cookie { |name, value, attrs|
break if name.nil? || name.empty? break if name.nil? || name.empty?
cookie = new(name, value) begin
cookie = new(name, value)
rescue => e
logger.warn("Invalid name or value: #{e}") if logger
next
end
cookie.created_at = created_at if created_at cookie.created_at = created_at if created_at
attrs.each { |aname, avalue| attrs.each { |aname, avalue|
begin begin

16
test/test_http_cookie.rb
View file

@ -126,6 +126,22 @@ class TestHTTPCookie < Test::Unit::TestCase
assert_equal 0, HTTP::Cookie.parse(cookie, url).size assert_equal 0, HTTP::Cookie.parse(cookie, url).size
end end
def test_parse_bad_name
cookie = "a\001b=c"
url = URI.parse('http://www.example.com/')
assert_nothing_raised {
assert_equal 0, HTTP::Cookie.parse(cookie, url).size
}
end
def test_parse_bad_value
cookie = "a=b\001c"
url = URI.parse('http://www.example.com/')
assert_nothing_raised {
assert_equal 0, HTTP::Cookie.parse(cookie, url).size
}
end
def test_parse_weird_cookie def test_parse_weird_cookie
cookie = 'n/a, ASPSESSIONIDCSRRQDQR=FBLDGHPBNDJCPCGNCPAENELB; path=/' cookie = 'n/a, ASPSESSIONIDCSRRQDQR=FBLDGHPBNDJCPCGNCPAENELB; path=/'
url = URI.parse('http://www.searchinnovation.com/') url = URI.parse('http://www.searchinnovation.com/')